From be7ee4cae8853ed40d1314431cbd7bc61ad08fb6 Mon Sep 17 00:00:00 2001
From: Gary Sharp <garypsharp@hotmail.com>
Date: Sun, 20 Jul 2025 10:45:55 +1000
Subject: [PATCH] feature: flag permissions

feature: flag permissions
---
 Disco.Data/Disco.Data.csproj                  |    7 +
 .../202507170522576_DBv28.Designer.cs         |   27 +
 .../Migrations/202507170522576_DBv28.cs       |   40 +
 .../Migrations/202507170522576_DBv28.resx     |  123 ++
 Disco.Models/Disco.Models.csproj              |    2 +
 .../Repository/Device/Flag/DeviceFlag.cs      |   19 +-
 .../Device/Flag/DeviceFlagAssignment.cs       |   16 +-
 Disco.Models/Repository/FlagPermission.cs     |  121 ++
 Disco.Models/Repository/FlagType.cs           |    8 +
 Disco.Models/Repository/User/Flag/UserFlag.cs |   19 +-
 .../User/Flag/UserFlagAssignment.cs           |   16 +-
 .../DeviceFlag/ConfigDeviceFlagShowModel.cs   |    5 +-
 .../UserFlag/ConfigUserFlagShowModel.cs       |    5 +-
 Disco.Services/Authorization/Claims.cs        |   40 +-
 Disco.Services/Authorization/Claims.tt        |   40 +-
 .../Authorization/Roles/RoleCache.cs          |  102 +-
 Disco.Services/Devices/DeviceFlags/Cache.cs   |   28 +-
 .../DeviceFlags/DeviceFlagExtensions.cs       |   73 +-
 .../Devices/DeviceFlags/DeviceFlagService.cs  |   65 +-
 Disco.Services/Disco.Services.csproj          |    1 +
 Disco.Services/Users/UserFlags/Cache.cs       |   28 +-
 .../UserFlags/FlagPermissionExtensions.cs     |  144 ++
 .../Users/UserFlags/UserFlagExtensions.cs     |   73 +-
 .../Users/UserFlags/UserFlagService.cs        |  112 +-
 Disco.Services/Users/UserService.cs           |   18 +-
 Disco.Services/Web/BaseController.cs          |   10 +-
 .../AuthorizationRoleController.cs            |   10 +-
 .../DeviceFlagAssignmentController.cs         |   44 +-
 .../API/Controllers/DeviceFlagController.cs   |   20 +
 .../Areas/API/Controllers/SystemController.cs |   50 +-
 .../UserFlagAssignmentController.cs           |   36 +-
 .../API/Controllers/UserFlagController.cs     |   19 +
 .../API/Models/Shared/FlagPermissionModel.cs  |   21 +
 .../Models/Shared/SubjectDescriptorModel.cs   |   17 +-
 .../Controllers/DeviceFlagController.cs       |    5 +-
 .../Config/Controllers/UserFlagController.cs  |    5 +-
 .../Config/Models/DeviceFlag/ShowModel.cs     |    5 +-
 .../Areas/Config/Models/UserFlag/ShowModel.cs |    5 +-
 .../Views/AuthorizationRole/Show.cshtml       |    4 +-
 .../Views/AuthorizationRole/Show.generated.cs |   20 +-
 .../Areas/Config/Views/DeviceFlag/Show.cshtml |  356 ++++-
 .../Config/Views/DeviceFlag/Show.generated.cs | 1374 ++++++++++++++---
 .../Areas/Config/Views/UserFlag/Show.cshtml   |  338 +++-
 .../Config/Views/UserFlag/Show.generated.cs   | 1318 ++++++++++++++--
 Disco.Web/ClientSource/Style/Config.css       |   17 +
 Disco.Web/ClientSource/Style/Config.less      |   27 +
 Disco.Web/ClientSource/Style/Config.min.css   |    2 +-
 Disco.Web/Controllers/DeviceController.cs     |   11 +-
 Disco.Web/Controllers/UserController.cs       |   11 +-
 Disco.Web/Disco.Web.csproj                    |    1 +
 ...eviceFlagAssignmentController.generated.cs |   14 +-
 .../API.DeviceFlagController.generated.cs     |   30 +
 .../T4MVC/API.SystemController.generated.cs   |   16 +-
 .../T4MVC/API.UserFlagController.generated.cs |   30 +
 .../Views/Device/DeviceParts/_Flags.cshtml    |   23 +-
 .../Device/DeviceParts/_Flags.generated.cs    |  177 ++-
 .../Views/Device/DeviceParts/_Subject.cshtml  |   35 +-
 .../Device/DeviceParts/_Subject.generated.cs  |  645 ++++----
 Disco.Web/Views/Device/Show.cshtml            |   19 +-
 Disco.Web/Views/Device/Show.generated.cs      |  113 +-
 Disco.Web/Views/Device/_DeviceTable.cshtml    |   82 +-
 .../Views/Device/_DeviceTable.generated.cs    |  122 +-
 Disco.Web/Views/Job/JobParts/_Subject.cshtml  |   36 +-
 .../Views/Job/JobParts/_Subject.generated.cs  |  700 ++++-----
 Disco.Web/Views/User/Show.cshtml              |   19 +-
 Disco.Web/Views/User/Show.generated.cs        |  107 +-
 Disco.Web/Views/User/UserParts/_Flags.cshtml  |   23 +-
 .../Views/User/UserParts/_Flags.generated.cs  |  177 ++-
 .../Views/User/UserParts/_Subject.cshtml      |   33 +-
 .../User/UserParts/_Subject.generated.cs      |  363 ++---
 Disco.Web/Views/User/_UserTable.cshtml        |   18 +-
 Disco.Web/Views/User/_UserTable.generated.cs  |   59 +-
 72 files changed, 5590 insertions(+), 2109 deletions(-)
 create mode 100644 Disco.Data/Migrations/202507170522576_DBv28.Designer.cs
 create mode 100644 Disco.Data/Migrations/202507170522576_DBv28.cs
 create mode 100644 Disco.Data/Migrations/202507170522576_DBv28.resx
 create mode 100644 Disco.Models/Repository/FlagPermission.cs
 create mode 100644 Disco.Models/Repository/FlagType.cs
 create mode 100644 Disco.Services/Users/UserFlags/FlagPermissionExtensions.cs
 create mode 100644 Disco.Web/Areas/API/Models/Shared/FlagPermissionModel.cs

diff --git a/Disco.Data/Disco.Data.csproj b/Disco.Data/Disco.Data.csproj
index d9ec35b5..b8aa9ca5 100644
--- a/Disco.Data/Disco.Data.csproj
+++ b/Disco.Data/Disco.Data.csproj
@@ -197,6 +197,10 @@
     <Compile Include="Migrations\202507110430252_DBv27.Designer.cs">
       <DependentUpon>202507110430252_DBv27.cs</DependentUpon>
     </Compile>
+    <Compile Include="Migrations\202507170522576_DBv28.cs" />
+    <Compile Include="Migrations\202507170522576_DBv28.Designer.cs">
+      <DependentUpon>202507170522576_DBv28.cs</DependentUpon>
+    </Compile>
     <Compile Include="Migrations\Configuration.cs" />
     <Compile Include="Migrations\DiscoDataMigrator.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
@@ -293,6 +297,9 @@
     <EmbeddedResource Include="Migrations\202507110430252_DBv27.resx">
       <DependentUpon>202507110430252_DBv27.cs</DependentUpon>
     </EmbeddedResource>
+    <EmbeddedResource Include="Migrations\202507170522576_DBv28.resx">
+      <DependentUpon>202507170522576_DBv28.cs</DependentUpon>
+    </EmbeddedResource>
     <EmbeddedResource Include="Properties\Resources.resx">
       <Generator>ResXFileCodeGenerator</Generator>
       <LastGenOutput>Resources.Designer.cs</LastGenOutput>
diff --git a/Disco.Data/Migrations/202507170522576_DBv28.Designer.cs b/Disco.Data/Migrations/202507170522576_DBv28.Designer.cs
new file mode 100644
index 00000000..17276fc6
--- /dev/null
+++ b/Disco.Data/Migrations/202507170522576_DBv28.Designer.cs
@@ -0,0 +1,27 @@
+// <auto-generated />
+namespace Disco.Data.Migrations
+{
+    using System.Data.Entity.Migrations;
+    using System.Data.Entity.Migrations.Infrastructure;
+    using System.Resources;
+    
+    public sealed partial class DBv28 : IMigrationMetadata
+    {
+        private readonly ResourceManager Resources = new ResourceManager(typeof(DBv28));
+        
+        string IMigrationMetadata.Id
+        {
+            get { return "202507170522576_DBv28"; }
+        }
+        
+        string IMigrationMetadata.Source
+        {
+            get { return null; }
+        }
+        
+        string IMigrationMetadata.Target
+        {
+            get { return Resources.GetString("Target"); }
+        }
+    }
+}
diff --git a/Disco.Data/Migrations/202507170522576_DBv28.cs b/Disco.Data/Migrations/202507170522576_DBv28.cs
new file mode 100644
index 00000000..ad853226
--- /dev/null
+++ b/Disco.Data/Migrations/202507170522576_DBv28.cs
@@ -0,0 +1,40 @@
+namespace Disco.Data.Migrations
+{
+    using System;
+    using System.Data.Entity.Migrations;
+    
+    public partial class DBv28 : DbMigration
+    {
+        public override void Up()
+        {
+            AddColumn("dbo.UserFlagAssignments", "RemoveDate", c => c.DateTime());
+            AddColumn("dbo.UserFlagAssignments", "RemoveUserId", c => c.String(maxLength: 50));
+            AddColumn("dbo.UserFlags", "Permissions", c => c.String());
+            AddColumn("dbo.UserFlags", "DefaultRemoveDays", c => c.Int());
+            AddColumn("dbo.DeviceFlagAssignments", "RemoveDate", c => c.DateTime());
+            AddColumn("dbo.DeviceFlagAssignments", "RemoveUserId", c => c.String(maxLength: 50));
+            AddColumn("dbo.DeviceFlags", "Permissions", c => c.String());
+            AddColumn("dbo.DeviceFlags", "DefaultRemoveDays", c => c.Int());
+            AddForeignKey("dbo.UserFlagAssignments", "RemoveUserId", "dbo.Users", "Id");
+            AddForeignKey("dbo.DeviceFlagAssignments", "RemoveUserId", "dbo.Users", "Id");
+            CreateIndex("dbo.UserFlagAssignments", "RemoveUserId");
+            CreateIndex("dbo.DeviceFlagAssignments", "RemoveUserId");
+        }
+        
+        public override void Down()
+        {
+            DropIndex("dbo.DeviceFlagAssignments", new[] { "RemoveUserId" });
+            DropIndex("dbo.UserFlagAssignments", new[] { "RemoveUserId" });
+            DropForeignKey("dbo.DeviceFlagAssignments", "RemoveUserId", "dbo.Users");
+            DropForeignKey("dbo.UserFlagAssignments", "RemoveUserId", "dbo.Users");
+            DropColumn("dbo.DeviceFlags", "DefaultRemoveDays");
+            DropColumn("dbo.DeviceFlags", "Permissions");
+            DropColumn("dbo.DeviceFlagAssignments", "RemoveUserId");
+            DropColumn("dbo.DeviceFlagAssignments", "RemoveDate");
+            DropColumn("dbo.UserFlags", "DefaultRemoveDays");
+            DropColumn("dbo.UserFlags", "Permissions");
+            DropColumn("dbo.UserFlagAssignments", "RemoveUserId");
+            DropColumn("dbo.UserFlagAssignments", "RemoveDate");
+        }
+    }
+}
diff --git a/Disco.Data/Migrations/202507170522576_DBv28.resx b/Disco.Data/Migrations/202507170522576_DBv28.resx
new file mode 100644
index 00000000..757dad57
--- /dev/null
+++ b/Disco.Data/Migrations/202507170522576_DBv28.resx
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Target" xml:space="preserve">
+    <value>H4sIAAAAAAAEAO1925Ict47g+0bsPyj6aXciRi3JsiyfkGdCbkl2ayS1TrdsP3akqtjdOc7KLGdmyerza/uwn7S/sGReeQF4S+alSvVwfNRFEARAJAiSIPD//s//ffGfXzfJgy8kL+Is/enk8cNHJw9IusrWcXr708muvPn35yf/+R//83+8eL3efH3wewv3HYOjPdPip5O7stz+4/S0WN2RTVQ83MSrPCuym/LhKtucRuvs9MmjRz+ePn58SiiKE4rrwYMXl7u0jDek+oP+eZalK7Itd1HyPluTpGh+py1XFdYHH6INKbbRivx08iouVtnDV1EZPbwk26yIyyy/P3nwMokjSswVSW5OHmyf/uO3glyVeZbeXm2jMo6ST/dbQttvoqQgDen/2D61pf7RE0b9aZSmWUnRZakX9ycdX5Sz11QC5T0jq+LupxMqhJv4dpdX+M9LIoDTDv9F7oUf6E8f82xL8vL+ktw0SK5W9JeTB6dmSIpOhntxKo/R9RPRM6rpH2VOteTkwZv4K1m/I+ltedcJ+H30tf3lOVWV39KY6hTtU+Y72vphlyTR54R04KfaUStSJx7z9yjZuXJK/6kZtv6bH/XFaa8EWtV4la12G5KWn8hmm0Ql8dGM87X7dLM+ThL4brDcX5Filcfb+htzGvvJ94MH91HvZ0MHfRMnJclff93mpCjc2XZVOpWAi/QXkhJqd8isRJxvtllevizLaHXHlH0BxNBFJH+TRLeXu4QUk1NBRy5Lkr7J8k079s9ZlpAo9fiqvsQrUryL0z/J+pc8220n54bJclYCzotf4/WapM6y/BB9iW+rVVnC+Db7fLX7XHkWJw8uSVLBFHfxtvZDHspm+1ro8CbPNpdZAph3Hu76KtvlK2aUMgvgT1F+S0rPVaZHFGZ9AcHoIGyESVajJ4MXBI5ap5G/n28ZfPzInWtUw3trPLKWt4prpeXtJ2HLRW39zjJq01OKE2FDBEK5wMFUJjSwrjzQvv/ckR0yB20rRjXUrpALAnnQWVkQhErWpiFSboZoVGA8SESlqKHNRJeRJnt3X9Sb6b3987T87glgNui++oput0nrL64/Mg8lT1lfUnFh54hUu3zNcDbL+VgW0mbss6wo20FfkVW8iZKTBx9z+q/mGOX5yYOrVcTQQWJ0s1uVsDQmq2q/Vm2cbLNgOMRoIcAen5reQxpudBX/yMJAD/gq69k4qC/S9zv6fvB39D5KdzfRqtzlJHf27QYPXn9Xc4xar5BOIz8dOvArchPtkvIj/VruooK8YsdIrQmj//4UbzxQ1p+anzF0IPqPKM+jtLynrV/itbOuhJLdJdlGcT4ZESH82YGLA2xcDSuJGxs66q+FFVCmmW9FljEBJIBP5nUkT/I4Sj7sNp+ZzjifuAu93U4mB29/XxYFKb3GHvzJvctWUfBDYHujFsZDZZjojzdxQsxLuQ2yn6NydReErFfZJopT94ONoeKlKhXfpmTNjgOnH/1dVJQfSPl3lv/5LrvN0hCr4Mskyf7+LY125R3zuFbMC3ud5lnnW/ge2p7lhOEy0WiFqyIoMSOzFWKFL4wPsco2m7g65w9DHo/xkkQFZ0PqlUVuLoauxKYdmsMyBi+44ErnRmNjhjRUNhDX3bIsEyoBIEuuDOV3WFcZOg2xVTtOqtCMECrCuJLJ2zHd1ItwytzzzdjkCzB+s8+61mg2BodRhGzEoxIOgiGChmH99OIVKaM40TFQQ6CEC80IwSKMH6H9ybmO2B4KJVgBQYhW4TyPyekv8U21jGnPbHowlHQVBjsiVwGDHeo2+Op25ftjP2PfXdXm972xS2O7702EREUJgiHShGG9L01MHFzLkMgC1wLo17gOKsBZXbvmHdBpHfvvBBeC8ib0LstLr6HnuwcdfjrZnPpc5LdRGheV8r9cr1lMyqD9Fzsx2dFZZ391AV0hgyHsBBsXdKzPO8aVcBxZfdhSY+GMnhdalFBSy6As2sj5dXqT5fUBVSvusyz9wr6zzD0IBEaOs+mLuDpdZHuTl69erlbZLh2MkXcf2alK8nK9iQcLoNn10okoqB27JPEmuiV0xaw2hsyCH0DIEi+5WQnh/KP29Nk1HG34zQVHxMtdSVeEuD+Qn56aP+KcJNQUN2v8hIQMOM923mLDrhK2ER/gKtX77W/bURruMdhertk5XbvtNolnuBjtuGj32hNLkS2jY14qMvz/3EWNGg06Sa8cxHA3Bu095+9REq/p4honOi1yweg3lwGCbtNil4c5161QRemKzPZhNMwEmZiOm7lmpt+vTzzwN+3YaZwH2ZZYnH6rXbCDcBkS8SxQcL9jsAqd3UmoBHotXAOAXMHAusN+pIffyZiRGdvbCf1MhPXwegkckq9ndzdu5XR9Iqu78FfTtu/ASBraa7Ua+T1dvzxC0gKMzFbOoow228Hesudy5uGthri5DGHoNHbDYBptGWo/Bgdu+i4mVlpISz468EGmsCLNw/K1JsHV+s1kSl7FxTaJ7j32wMOd5Ktd7mHFho/7S/yFpLNw/PEuS4lXlNzwlwivN3TzIN1K2A7uHk2FWgqm57qr+b79WrYOUpPiv8ntrt5aFX1gcEFFGJBEqRkkU4bxcyy9YzX0oSYaYLu4DTBUZfD1fIVNvpzvflQWh77FdTFr33KbRKvCgfoAgIA6AcH5qLD2Ir7CKkJJwuQbYaEKEIMX2fqLDbfUwpHV4yY7mWnx9klCEeCO3z3JSoBBp8iyYvqyhi5Y0NcELWje39JhbtrnCQA/7u+P+3vH42opE0HYnEg2FPwapevEQ2VDDUxtCclJuvJIgxGIApbtbamrhOO+AVotsL1FkHMaaQDogAYBMdGqPZLR7nPkdGYWdKt9UPqV3CEGPhT4AKft4t7JZ92u8egeD4Ld2l1afePquvBDg07/5pBjYOCqMe9rs9/SyJIZN3tk+fYk2PEAfEJrc6DgdvIx1rMUK/qlkHqvb/9t9vmQXPQZs1+NaYZss9VNbzAutnSu1jPuUWoCwrw4/bolK6p1Z0lWhAkAqjGNIx378UNwwg4F+51M6+28j9LoljBj1LT7xNX8SpL1UPJ6TPMJu6fBMxPA8LuVmoRLEq3v32R0F1Tu8jSMaEWccwu5piLU42se43yc/RHFJR2Iyrha5le8Ag13wAxJ7q67diWBHPtZ8Uf4NlfPyZRhyyGnHUKWNnvWIKdO+ygTSegi3AoF2cBrbp+gCx0/CsSVHZ0pGUycLLEVnC8JxHXKxCUWJVMGE8kUW0EyJRA/zeIXKJRUCFQkV4UASQbA/MiGjb+BAawTxAoMq2EK6eDLnmj7jYzJ4DBLIpSWGQnUw6Ka4gUEEGYQJKrFRihZqAThcZ1uSP/FQwAUCm0QgSKAB33vsluUMtoG0NT8ClHTNo2TNbdZ6KCEuU0Tmiu3bfcg7D0po+4VAEafAAQQqbRDlKpAnuS2r0l01LYwCLF8M0arAONJ6ocstaGWA0MIliAwmmWwQcnmWv9x8rOkfU9v7uzGm3znyid3yFcNrEsKzNAjxsOMB6CMHYP3j5f7x8v94+X+pJf71ao/3McHDD+yCwhyqy+iRzZPNnf6CNgoV/riWLobfT2kgYmw9/n8Xui43i5lvZ0zL9RE1R80hsl+Zw98KfDWP5RV6rEjRkkF0BMZ5uFXfYZw/H6X8v3O7jv6pFDz+VT1R12A5sunYKE+TIYX+ST5JoykYJ9he2x2YN9ixdbQDzLAN/1yvQ4VO8cwzWQeqrGbL3vy7CCXZJN9CXMd3qCa5w68GXwuMV69e/n66zbOSRFCkh/zuMo4J0TNtN9d3zjEhFeo9OX1WuMFF9frWvHSej2Ix7n20EsMwLSDlxzWcaithTASxkHC5HUAWiJ7KFdSuQ/RSKwAC5PLgWgJ5uGCLJyHtGp+cD8vDfDkcM6d4/nKo6DNUIbZoGdZQrXUWdjDZV0lkmpXgmHZ9gKtAPIqtfv832RVnq8nSIQ25CLKvbwrZpcGxXRxC2CIdRKlUV1Kfc2meM3uYT4bp9zVggbw5d9lRXGRv4pYauUQPtRrlvzat7BWgHBaX8M73Bf9dBfndIGiP5xFu4J08+KbnFrG57GUDReoTMQfd64v+J8FSMNcpqQoSMH+LJpENMQ5Fc1wYfy8y2+TKL//dEduSvrN32XrixtqD3JXmQTIB9T8yepkXRESpMjYxyyJV+RDxjJwD1dfEdtVOY9BEKkIL6WznKK4JFtWuyJz5O7pYO4uyYq6/vklWe9WRAxAt6Th+WAaLso7ktO1h9CvsvLQ8zJ2/jgD3LLT6by4adNKD38GFMWbN1m+uaKrWZh3RRzCeY5q6szCc2U07oMAxifA53zDPQgS8CvxSEn74HhJT+zoBbppqFegzbyoXUL4zF305F65zK+/sjOIKAl+tmDlXzeDv8tub8MsaC1G3w80HE/sQjYhFuVIg371LsHEyHcCBu8O+TD4yOK9+jbOi85mVCZjqBfZ1Ceienh2x+R6Sf7axYGS/WO451meZWqsLtm8ES+Dx49RPAqLDO88HLYO6EW+pi5PFAd6zA2gXQJ/3i5dSCpCuegK0rnc9C9Z9cRsReJAN8QSyrluircRta75LF5TO3g4r6nFOJ/X1FIwktekWx1tXzvpcWifQem6Ym6YdX/nS2hsCfUVBHZXbd3PRwT+N9vY+urLft/fifu2mw/zXV9X3pGl15Z1tLuWc6SXDeNY10F825xGoERoziSMfZw51p5P6PgFFklbbsGuWl6BHjacQt08np6HfaxqQffgbTHjVMxyfkhBKi13QzffcwZS7n046GFFZIZjY6Y8aHNVDrxIexvz+uuWXTVTO3lJil0yfXjrRdqm95yHHGOhC5fqFjW8scIF+wnMpovB+hTpCF2Vw5LewNGvwCjgxkIHZ0P6eCGxwGBIZKwe0oYLU5ysmQ93Nqy5cGNi+AVc90EekBt1jPU99FhfprWzFvVlBCygtjDspCzGPZmckI8k38TV0MXbYobxmxj01vW+L1Bj5+dmedYTc/G4LOuKCd6Z98rTPhc7oMVnnm3S8XV1oNfVWtfOoewdmM1VgHB9k2csvNJgRquuyO2gm6kABahP4l+fz7Muyci1+hZQuORYt2+6Mw5jaummAB9WJ0RoRuqDiDABvrnDzNs3f62OY9q/SUee3bk4pv07pv0bfwXhE8ohq4gCgqwkKlzQ5D7KIJC3iQKZaR43KaAqIk1eQCOwxQyMUO3vjDId38QrRu0BLe30zy/x2sNKPXs6dJHphk7X5Ouwm3ePo+cnzwdfkaYll3Pn5ziN2ENUk2P+7LvnT50faKQMdvCT0CpBQ/VtBgn6ThL2zDxkTaFJPUz/ZYMzBei6ocIgZgsADGCtDjdYp+dvaLjOAs4TjqE7x9CdY+jONxW609svzQoj3fzwfeSFBgVF1hscPnjtN3AoSw5cqA8c1gOOBAb26CHtWBgvuAccDgnvMcHa8TJiiI9mPAdeXFkJdRVzDPU5hvrsV6jPAqJs+hLux2CfY7DP6ME+0DIAh/sE9NHgCrhmn27IQebhBf980/eTs9/VBQ0EMheUFrQYKi0tAmBFpiWooGFBAm7NVY0xNAgBG+SRvtyVd1ke/6simg1zSJZgHsd0ygTD8jfLsvxMsRDj+rXbCGvMimpr3Jy1RJQuKpPzgi1eRUfGb+ma5Mk9JZPXB5HP94TZ8e4CZH1x8y6+oX2rsKSfTh4pghE6XGXJuoN9bAIu6VeQduBPDODvqtpQDfB3BuA6s29Py1MTfJYyxe/gvzfAt6Wwuw7PHqnzVs+QbtbigmrN5x0zCeznEHN2kZJP2fsovbeds6oD/U8/bx6cMPtIB6UyZyazYoHjpVZrgJVnT3WsnKc37JuqUF43936/0JYCI9UGwXmSkFtWVqxVO3cUv8dMcVe9xJ664/iY5Wl2m0fbu36injug+TVa/VnZm1YSzxw6U2P29f7n+y3d2PRflIsgfs5JxBZFOt8vb3NC6ioo7afgIo4a05s4jdIVdSNVbI+fGMTCBBqtKFN3GafET5/8+PTHZz88+dEgl7b36w0L2u1m4vvnP/743dPvfzQIpe19ntLtWbUYtFT/8PiHH58/+/Hxc4MwWgxX76/6qXj63fc//vDd8++eWbL+nqf92fMfHv/49IdnP3z3zONDVrP+myzSz/dKaIZkt/+2NUUfsnzDfZqGr/vX+PYO+4xhXunmLqNaxsyt4Pe+p4tx0rumdXm8QmKKLoYPePcQ7tT7krVX0PulFTz1BegmOt4m8YoKlwrk4UOVS8uROg9bHqkvqimN9m/KUE2wWhmzNJQpXY2iOC1VPzSmH+c2Shz4l3BYerNs4rrR5JZXZEtS5pA6CMeGDA4PTFE3sOR5m4T34pRTOBs9vOY1Ra8TPCiuc2YF0OJFNcxelwcoGETKZGoFyXe/lInSdhMnLSMmayZB4yrVAMqTb7Zi8gioco1qtRA+J9MrRAr2qtUgmFm5fo7K1d11cyZsb7Wwbri6VT3czRg60LwmzUTWZGpomgg7fZR7L0EplYjwWoMs1AXuaVBN7uWRn5Iio6J6Cn4Q4ZVUT9a0eqqfGHvTWXWbTUfrJArVw7fqWBrTDQkO0r8exEXpZMSAitXn5aPoFjK6zey1NzwDtAkR6rDRJ1IaTv2NiiPBYsrjZ7WgASyVKNxCqiFiQl1C5Lxv+tTdkVlOuXpjNoJeKfdt0xkoDRXzKJcscBsq+EvxJSiZ8urMUg/wB2gjKB36do13wJTncxMZOYy4CdwwyzmxcsKAp8Ez7hYqzriA4OqfTYiu3m/X9MR3C2In982CbtDJF2FrkiaymtbzYkMP329ZOtqcjzkpihzXP7JeSk8DjId7YyqkSIvN1Bty7wxUSHEq7PetJqomUMe3WVXVWqiSjekFAAupXwPmcpAMYQY0rW8e6ShZw+EES7JGCjajN91ns2wsK34795qJbmEQ1XExVDw2WF3sFNFXV+TBp9ERWYB7pBs2JsbCvHjoSBCz4sjwBRUrWRu34ipoILYlpNPuunECJnIdcbHaECD2nPW7OUuywlKNRNBAaiQhnXxPgtMwoSbBkrUhQOw5qybVXuevJLHTJhU8kEYBiGfRKpyOCTULl7L9RoLvvQANuyTR+v5NltfB1A66BncMqnXIEDPqn56iyTVRPwf2OgnjWYR21iH+TnopdgmskRLyWXURpmUGLYQl7qJ/IoY5NY87aGdqotEJERLRM7+LERU7vBcab0MADz/NrhkWrOXeeSG6Y2OxLC91A2nRfJvL+W909cK2IWJhpsn6PlffbUR1W9Zlrh1tk5u3g7jKpSx1jz5Ma6YAiGifw9MZDe6pF0xw9GkUChTqHiyXPd02q6UKPZr+zLdU4jRMt1Ligt6XhfJddmsyRA0IokK01VF5WnxTmx1p3GkMjiS8PTA1jGIbI8PDBdWN+UwKNPp0xgQS6L6YkeoRtu1dqAKMqE8F56hAKu7prkbrsav/0r8sRNCBugjAEHEiY4bZb9vHizhBOJzG6iJCsLS+Vb/Zv6bmit+oRQ2cToXcD3EFzFMv1NDgE+qNJNA9WLI7svv8wzZzC+QgDqo7atLiyVZynIbp1nNczjY0CKn6Z1csPiG0zdSDSaGDKheURXrKqyUdITPoGCBwGyqkSgpz6dl7UkbnabHLo3RFTKueAoxomADnmMkGHGbqdRClYJrFEJXzHqyIIu1V+sM3Wb65ogOYbJihq4+yGWyaacQ5zJslTdNZOstpsSFI6Ty3pv4R5ZSt8t7G8vGwGl1swfzsnjDIHGYPImA6qwfJeE+M3ocs7ah/uVplO4o8vT27YyK8JH/t4tzsxbng0aggh8LDIFoTMJd1dCVwWlPpOn9WWxINniXrvdWu2BrJLBrvvJWeVN1n3GQ7T5uPoi9iL27i9GMUD1byFscsOt4NvkQVl4lbjobLc+aj4C2OJen3R8rNXVSQi3xN8ssoLtxtOIJiEu3Gxl6Cchtom0+3DRNmQxiCYrGabXskYUQwvVbPfkBhTdlCNNrnsAJEsCRtPk+/ZNXDhBWJLa4ILLpPosnQuEvQYw1d82mxZpKsTmXU7kvSYItTNwncT0Ptzt7koeY4fkNomO4EDpH30g/hqg/jrS72p4PA0sM5Kk2Pz05PAgX4KGxMZJsUdoeNO5FKSJUa25+0SoL0wdRGBHfNLIgNhiyIdf3K0dJaGqiZwApZTICt4rE+S1M+V8WbTOlmyKGqoWJCm6YR+j5aOPOJu67TJOo2V3CaDSnzKd6ehqoBnNhErOm7TaKGs4ax2dEznzbucVAbyo2fQk6sjwtTxyVpo58yzq6LSplpnU7gFadFVWiLxDuqHFqperoVGCNhQu3ChGxDwuxPviqCOS4MBx48ZMiDDwEvokXWSup/EAKxN+WBCCSGxW8b4IpJRvuk7zZh+auZrJcdMRNpn91k7IVFEwvN2dSgFGAdSwJaFdIVB5inACXI5AQncBoJ2Iy+hApqTf58vj6DQaMsa3N4lMldQv2N+StuHEKNjaYsnFVtDQEW1yf32nwQ+nlqaIA02EzpVdjaGaCo7S2ViZrJ1EspXmlQMQUeV7Mhzpc6jLW6hTZjKCkzaB0q/f3WPMtNgJP/H0j7ZvX6l+LwH4av75Mj0thzfPO3qGSR1uRNtmU4tJSRNVdnlLr4Jl4xLqzWZbUDrpkcrLtqAgPNtjTjtMywNuMzsIeLsz6ojYOx37VaHYHMENoGMDOD9jgHuS1MYaS7s/5HgxKh/XDF8r//NA2JGrIRA+AsaZpsPTVOiL1yzhoKp+HGRyUnVseZTle0tMxgFbVTsf9W0hw2p+82mVLOFTxnR8yke+HDCKADebEJoTN1nEwlZw2ks6VoTs3c42A6DT++yjmDbi5ONZelmXsYWNds9G1D62BwzbmMe3gdMsQcq/TMIXZ6Ye/RMfW1wInxEEaEDn0cI2FHdyXjBt1pWZ3jsAYWyx5uSIT6OMZc/po+WqvmXnNGN9JECf6V2wQrCWk6gSIy3NxoZaQbaxQhvaaaV95TzSup3pG8FVRcrLJXURmxBvK1VITDOl2Rss3GmaU38e0ur7Cfl2RTnDyoYThaFSBADiJaWRoQVlXaBqT8lKvoeIGaqBP1GSRO/lqsUL7P1iTB0VXNlqhwLJYIqLW7iRMNngbAEl0VzafB1gRa2uPqrwoNSPmrWwN65jBA2Gp3y6JzHUiEoWhDtSwQ6bkTISylVnXq/HZcaCKczVeFfE42XTVfo9Wn+JYvM4ggcpDUW64qGILN/pt+W1UFQtBU1ZXMCPp6NCCWPg+/JSodHhskQiJnBJmUTdsOaZMwJNYh7VOz2OHs85Bo0QpJXyy+TXEDjH2f8imEJWIdOisk3VYDxtP59lY2A7dnfLslMhuL7WzVuIt6zTrMx0hYoTXPMXzWZI1cj9LeBdGTZzvbL3flXZbH/6o8NOaQQigVIAUt52mCrs216jlxXVRfR4WXN1fyJgPu1jnrHd+yx6Xs2iwRt565gpjnUZLSqSgmaxFeC14gJjgBysQVD4wLyUY+AiZUKrC4vSXSuKDdkx9UKDKgiRsJHhdN7yUbJSTjRIUUTj7tC5ybiO4QrbQH7WHiDuuIi67bERglh+KeSs/kN3LClkUrSqSTFcdwX4NAhUXWTrLIOKhwkYnzkG6/KaozGwGylEFwjiRISE7CFk0jHBkVIIpmqxhEBNwE6MQgg+npl6AxcdjqC4RyOrF0tzNm0cAXOTpelLucMCJS7m/GF5N6JGYUlz54XscfGjwfRnxoqDxvj9RjwkAWXzwEEZ+BohZf18lkiTV9cYuvHOkYDb5umBH1FBy8PY60FGcD7shh452OJ8JmgFG9ueY0TLi0AMQGgeHcANCQmPpDOo1kIFyARAT6Q0jlujsnBKXRNWspb6EQ7o2cd/1hjgOza1AA+8m3mHgr1qed8IstofZK5w8AUHoeRGBvUUhoRrSmbLSzJCvMcpCg9AyIwN5ykNCMLIfayP5KEqMsAEg9I2oHb5kAqCaRyyWJ1vdvsvySlLs8tZMQ0seGQbjrQKkhSCeSHxvT/J0h0HbsiZ0GS0tCN66cOIe9uoYCxSMBadkQYRFh2G4pVHzwGhVeGAaFcduvwh2CymZ6dbHZqxp62DJns1P1ltxc+1T+Klrz7YkwWqYEUERG+LWGHtuo310/lOGzAwAteTB8dD5imeiTe5fdatSjbdXS3AAhvNcxDnquWwyjqgEbxKAAAoiRYsOk2zI+0URXMRwWO0QVTsuBAo5Iow0v0ctDxTbFrrEelYul0Qimh7JgpAMOIJQeFywSjvxgMmm28DqBtCBmDhpInShsHFkB16gGoxupf7ppEATyxhNlQX3cOVQo6uPNEa0JG5B/R2iQDvrkEOUGems4VELQW8JxZCQEumm+IxVOy4kCjohGjsXTy0fFOuq3JQ53lkTxhu7hN13BTBtJqb0cOFQ6jyBFdYzxFU4ofIdLEa+PB7EElsdT5cRHU5rlBBbCG03ZdFWW+Vr3GplZozCybotJI2speNUsbusxx9dRq5runhNhuQQ7l5YfewqmWritK837iR8uVO8qDKVU/cjCV6rTTyN7rAq6neitaqibJGGqoh5Y8KbC6TPI3cLlcKzv7SQEC/cjnMQn9ENMVaTtpG2sP21iX1eBOrCkdUWnp5Gz3uXTVkU2Mad3/AbJbVz3r5oG7FSnb8Qp7mCwADZz2JqY6HAcHrEytAjXVlVrFUZMdWslySivZAxyMlWqBdCPKD4H0bmLbUSRjR1QiuY1s5OXjYOu6zaS5Cbxv4FxDednhh5OLBpO0wIIcaKzNXRkZyn6CnF0GU4hQiW3ESI5fQ4khR80B5LERv860SAgNOPRSHIRa99hboMAZFj/edgBboSABhECJtVgj5t02mLogbOn7zjqm6YptEp8p2Z4jKgpU4axY36I6P6abrJXiJavJ9zeS1i+kLB6uiqgGl1LxBpQqDg0paIAHuBiUYo4bB6/QQgn0BK1dhEqGkOZI4AbvNCRwpGbscFLG00jKrOx9rHTTibaW2DTGWbHsENzJxe1sAg+HKp5sz6VA6qboDI1VUIB+NTUQlEkKCYDMYpQU/1kzOUQO6zim41rFnZg5bDsjXxoVY+Cl5JAJWBZfQJgyVx/QpGUy2bONAiqPKEOsjQEOIrTT5Sji3GK78/leMvQw5FH7RFXIDlOcswFjmw46DL2cWTUcNgVSJwTHXhpxvaQp784J5HmNMK0OfxCII1+g8UBmABp5YxMeAjWGFuZRtQlkQCNnoUIHySxlO5YTC/rIRoEpFPWqZEp+zI87Zr8yxCTNg9NdLhHD7jX5lqGxGedm1nk0SY7s8sOyB57MBG+OK1RdFmYu7YXp1erO7KJmh9enFKQFdmWuyipk1u1De+j7TZOb4u+Z/PLg6tttKKcnP371cmDr5skLX46uSvL7T9OT4sKdfFwE6/yrMhuyoerbHMarbPTJ48e/Xj6+PHppsZxuhJm4IVEbTdSmeXRLZFaWXboNXkT50XJEkp/jgo6IWfrjQJmm3O6HQ5NPa1OJ+vJJqXtyv7NJbp+yEZ9eEm2WRFTHu6BVNUSzl6+byjLTEMq7gmnChY4KJarVZREeZtTvk1tv8pYMouzLNltUuEnWVVxHP9F7kUM1Q/2/X+Pkp1EQ/OTiuPFqSQMeQZOlSmQPg15cq2mXv2Uh8+86YzHYuLNKDCZsyoVvMChqhV471ekWOXxlqmbiEZosMcXQgvfxElJ8tdftzmh/p9MmNpqj/ki/YVQs0Hli2GHIVxGOKcLZ172R2z4SDpI9xHb6+LLXZVTEhpKAnGYEaqSJUnZcwVpMvgGF62rXLh3cfonWf+SZ7utrHxquz32ytVFcaut9pjPi19jukmWZrL/dTFWTu8Gudq3HpuHZdN1Hsemva0TJ8lIuJ/Ht49zrW6ypx9gcRNR+qxtJgxjLW1s2MrjlRFJTfMtl2dZUYqI6l8WplBNTtxQygSmBbZWJKT3fvhH76N0dxOtyl3OjpV4hGKLA8Y6K7OACir2YsRRJ8NT8EC1NPQSq3Itt28LXlUXpaLkAADXz1r9cPjfnaltA85p65d4LU8NCuQ8Dv0UojjXjiKDLMwUhLMC3gbAYU8slFcTNiXawms4xpdFQUoIodBgj+9dtopU49L/Ovdyxzo22edhrFyjK94qmgzG2jW54nyVbaI4lZEy32NHd43sL8fZ7qK7ZJxym8OcR0X5gZR/Z/mf77LbLFVNJAzhQHeSZH//lka78o5+RlWUwvp1mmfSOqEBc3BhcsL6qUwIDfb4KgISCKHY4ibvqi8saK7JRdtW2WYTV7t1iFao3Q/7JYkK1flQ2xe2TnTVLUItF23NON9VA+0/juNYmxq+v6vxubrL8lJFw/08nxvb+CoX+W2UxkW1Vr1cr9npFejTgHAuu6TefPfBd5iBx4o6avmJizKPP+8YgaofrLY6HM9xrEfJb2ksua1Qu4uxvMnyem/dsn+WpV+YNZdn2gDqPKaJMQ2Y/ViVG8ys3MtXzbt8cRCo3W95Zy5X8nK9iVN8medhnBfjMt8VdDm8JPEmumXZhqp1hxkscFHWgS/loJWXDT4GDuVgAfpwy3ZnJFkaGMJrhKZYWb/Rw4eCQO3H/CPOCV0ii2ZpQobDoRa25LfvSEKt+GC9I+v1Hum91NUePy/xPSi52m23SaxsfLtfPWhrn4CA5GHvQ3C8bDVQD3L6X90w/XMXVTqgYutbnD0c7a4agnD4+pvjpN+jJF5Tgx9LuzOo3R07OGdKo8MVGMtgBu14hAZHfCwjGqyuQLMzrYBsxRYPakGxqq1OPm4Tgib5tUgQoE5z92vNn3/N4l/PBF28uJK0g5YxHZ4xL8/CntC14akyQv53pygRkirLbv+rw+1HTDeN6uVH96sDh7RPUUYb6Wvgfh7TIMz0IdWRxcO/Gyh+2uIzgbvpYkMGfhlxsU2ie9XjExpc3LRcVePuR3s8v8R0L69Sxf3s4PDdZSmBbjmEBocjgw1dDsEDIrFlUTrdLuJhNLspd+6n31hnFy13t7DHiFJrXQnrQYgYPXVmep8hjNYdvYSZtg1SBLLi9gHt9th/jdJ1ok4q97MzrktyQ3JCd1sIUqHdGTv7JkG0dcNirE/tjVcfPPe8LtQuRsTrvYkxodHvQvAoDqjdfSurnmWILXPHC/yWRiilctti9BJJReAReuwXc7yfwcZjqnuY5VksVSrjU1tdMasqzv/usOX4uiWrkqzrkqJAMAnQ7rDsCoVKlXAjpdUVMxBN40Vnkz1CerIB1Z4yaSUrQAppY/27DzZMejCEzwhwcB3U7opdLCwK4Zchho2glxUO6z5qXQIUCmhS232xm7hRoVzuPWKWu59Ko3I6Vur8wxBLWjgDvtvxf7Qz5YudPXtl81Ys+Blkogbt9w39R/N8AK/nuNk/bvaPm/3xDE/Qt308Pj+zM/mrvuVZnW/uTeDbpn5tEP2jmPw0D+z4rejcN3nRLJT0DKJ8LTo/DcR7j6aG1ZCALna/T6vUVcZA4Pi0/9kRF3hwyjc44mu0GEDYtdhjbBL6qfwKDc74IJ6lJmecIN9ym8NN8LuXr79u45wUKvNym0twf1zFTssh/e2vizM8Ia3OAJOzP0HNoV2j85WMqP7FDQPtn+3kOFPud+cg4fYTuJeZlFvH/DbQb3f3+b/JqjxfSws8//uSvjSpqHKQL07A6fflGVCMucq+y4rigm5F2UMg4Amr0upwScKef8Gn5FLTfN/8p7s4X3+M6A9n0a4gsvustPpjVu0dDOE/wh939/oBKgCXB0RlSoqCFOzPogmjk7N/oUD24/y8y2/pr/ef7shNSb+Eu2x9cUO/D9ni6eCcHv1Vf7LH2VeEAO/jYQiHEbIkXpEPGXvGJWuU3OaL9aoEvioExHcMQDJAuy/2s5xuJ5khzcsPmW4YCdDFW11RjzS/JOvdikB3NSCAw5VyeUcd6LQkVOVLUn1osZIcD4FxsHhUyhc37TsoyehJbS4XwVG8YYn1WGFe6D5YafbEDd9gAwCuD2+gpzw+D3j6w10QIde6ND+GK3wbzI9p3275uzE4hjG9mNdf6SeWRom6yoot7hjfZbe3cIiH2u6OHVE+oNkdNzs9TwiYPQUBWZqGi9Wdgyk5VwPaX8+1SMZU9fOi2ylUhlQyW0qrw6FWneSAMn92xxKJX5K/djH4HFMPOXxE8KTOAOs/KnbQiIMNHMuGPd+DSQnNxyi2YK2HGjaSDWM8nIPz2Dg5F/maLspRDIaxoUCDxoGY0oD5jgWvBBiM5yiwu4eADBjDKDNf1+9LVgVxrUgMHpaDAN74wfd8MIjLtoSlYGzTxYn7Eb7FHSPmqkDt7tgRBQWa3XFrXBUEZDGuSpv2POwDCRWr50MtE5JxDvfbkaGI8Pb3qWPLl3yduD+XfxiJfhTiBHrEtgeLX7tI+y+mL5twSYpdIudX00K6jNg+tbEZUw+7OMsY0h4OsILHi82lXGyOV0Kjfs6uz1CDwQy1DzaWIYRNsLMGTt47yZt0r8VbJRss1+hxed0uDvdw6k6+eVF2S1NS0Md0tVExftYL7T2e87a0l/bfZEhik3Q8WKYQHp/3a2vXbCHjPjs9ZhFx0KQxMpEFSEI2V/6xsXTy+Ozo+OzICtfx2VH/sXFpjwPWFeuR+lcW0+EYxzx9bJIwKwfo3O8e2NI1+YogrJum3ONWFXXlGPLuR4fL7jT6nMhRVt2PLpfm27gujAtmcxDaHM4JkyRbwQVMpKapF69ZP/bw5+UQXu9Pfp4z835sOHOB+7n5yAmOjufpx/N0K0zH8/TAtjOsxRxkJ4+n6ks5VR83M3ufas80wpDz++PJus1M7O3JelerOazb53+6buh/PH36Js/dm7pL/6q2fJdZmDqDClIPdbXAsdTV1++hKKpKLLQZMKn879OrE12XslVcTQ4U0X5N/0fZrfOv2cSqix2AOPS+HVDQtRp7ziO8vqL+Bfhe1Up/GDZIh5iMupHdifrEIoQhS25LVIMJpA1Dg2dZbbFpEq7iDL84BRXCSWeqJ/nOigP00mQYcVIhBfVwPapRhlEmlbyjRkEOWJ1Wy02xtJ1Rz6oGdlIzzUADtU3GHEDpdMQedY/XPen6zVH5tL0V7ZOg3dRPM9RQ/ZNRh1BAHbnflga2Dhq7R4rilOQySOcBNr90fxftD0yTotu64mLR97ta3ZFNVPFXbKNVtW9ZkzdxXrC3MtHnqCA1yMmD9lKN+rb3RUk2tSpf/ZWcJXF1udUCvI/S+IZuoz5lf5L0p5Mnjx49P3nwMomjgnYlyc3Jg6+bJKV/3JXl9h+np0U1QPFwE6/yrMhuyoerbHMarbNT2vXH08ePT8l6c1oUayE6h9uq9FdvN/Htrr7ROqcUiurx4r+IonXtfFySGzHwRpk9FRKIpnlxKo/xQlKhBj2j+qeT9EvEXg7RbfD76Os7kt6Wdz+dPH908uDDLknYTd9PJzdRoj6Al5FWlIRF2QT6iEj/1yb6+r95VGUuRwPxWw3tZMlft89cqZ+ZeQJYH42ovnMXlXDMqkH95Ht33GZ1eeaM802clCTnz/2cZ1lFepH+QqhdohMZHPH5hqXI6IOpRhqgDae/3CXtuj0QM8VWliRlCSFafJ9ZIXdn/VLPtwNQpx5nB0B6Xvwar9cktefX2mBgro6vqQDB0PV7sGF54v7xc8RoEH8/msF6/MhEs721FzcT0xv7mDkolTfd2qn1R/Z15imDIhW9nl9mV8SaG8ntq/GcEBvUdRLkGuearOJNlDBHjf6LGVCKkrpmzNelzU/CTnYlloOZaLsJ+t59gqizvLuJVmWd5EdrQNxxV1MwBtI6sFaD+Kkz3uZ+r31MX8eJNIpL/13G7FzeFWVtdfw+AQei24Qp7Q5oHNHUL8aDjOH4LXttpDT3fBb7JKG3zv91X1fpbpuUFqjdJ6rP/Gi/D7BX5BALDcNDf7yJE4Jiclj7unrm3iQxn2BXtrkhtLbVFbVcOzAocpZE8QMp/87yP99lt20E7TB7xUJn//4tjXblHVuoqija12meJUO2D2c56aNxcfqscFXEJGZktgKs8IWx9Kts0wSdhCGPx3hJoqL/qI1K7mhcm8/xQFwl43ds3lUAq8EdS5Jpxrwkx65ZtC/y2yiNi2pZ6Cq2B7GW3cmZaeNuJ4m4KPP4847RyXt3PmsDz3OU/JbGpZFGG+ZfpzdZXu8iWxmcZSnLuMxNn4+JbBDjZPsgrfw0Zj1evmoyhQ3Bxq9lzMtIXq438SCmm8WGCp4lcL0kMUuF/Tb7XNnkutTB4s6seCkER849iGp9bOUccOjmiRujiXnqNw3BB/sjzklC7U2zwAQax3F1qzzEb2Vt81gmbPe7duvkbrtN4vAHCR2RzZP9wDJgpnbMXTrD/89d1Ez6gN1TtaKH2oy1hwa/R0m8poY4Tob6rC1GZJr8TvSrdNFBXOougetYatrQGkSWHbEhhdnHBAdAtvw11mepwJIm7O2iYXNQYoWID3S3PsqwvRFuki7Y23UrxH0OhsCIuTj9gUsm9km6rWnWms4mcCGhDh6KQjeJdMt5b/SDPGz31S43qqAH2l9iuj8cg96Pd1lKLA6RPe7sXm/ogiOdFcC4TceWTmoJJUCyU07s+c304VXj2EdzFI7PoZYpassH5+hhW0zAB7dEj3JBcFyul7tcAysbkEPJOkzQZgAun9IYeIWUSkH1WEiuNPYWoDIvSIYSO/Ni88gU6NbueqD0FGb7BA0a/M6ao2/gRzTqxWj7uNznzMAlGPBA1p7xgvwGqKRt/Ghw5bnYUsmux1s6a/xh7sK/bsmKqsBZkhVhzsdqTF7M26MPQWidqqW7Hrr1jkT5lSTrocT0mEaTXD+EVYCPx5avHuGSROv7NxldzEu6Gw4jGBHnyCKqBwkVgMFjHI3wP6KYlXCiEqp8jxU/u+EXrcq7Xsjxz1Rx48MkdnCbzaYu3vEc+LixPG4sJ9hY0u/t0N6dLNiEjBhQN8dTFirpd9ntUW3GVpvx7bhNVKSLWrRJZg5HNyqOhinIYA3jkuwOPePiE+yGVdYKdZtbL0TIhZC8d9iuScraG3TBbnCH5Pzq3csqCTkpQjD/MY+riMoWD93Y3Zu10PmrP5BP3ngr7nMBOeL6X2eh1d3iu29p+Yy0Wkl4CKIKFmwVfEjcoZ9aAx8bl5JwVH+blZHv4ud8vhawdrz5gxm8/LzLiuKC7khYKHwIg/SaPU6wexToc2aIfmpetvjTXZxTs0J/OIt2BekE6RP/L+MaIwJHHuOPO308xTOfCPoyJUVBCvZn0YTkqNlBRFvhwcrPu/w2ifL7T3fkpqRfz122vrihX1au58gnbKn5k72+uyIkyLPFj1kSr8iHjL1sGKY2IqarcpTvRhwkvADOcoqCZXjLyw+Zlvin7sRfkhX1wfJLst6tiHhajaR+cr+DK+9Y5RzqXZCicjTyMjbovM+5GJX1xU37sGD41VkUb1iinStqcMPcxXEIR/Gm62D1kWLg+ar1Q/C7rvrtC4R9WvRff2WOdJS4+sNWDkCD+112exvG1rQY7SZ4AMns0DQhFi/Hh2vNhyzdR8U5LzontzIXQ1a+5olonN6e3bHUlpfkr10c6N0NhnsUsyYPZnWi4414EhY+RvEoHDC8ozDQrqoX+ZquBFEcKOwDQDsB+ZYL2aBBQnkNCtKRPIcvWRUasSJxoGNDCeVIx4csfZFFphePRavFHW6dbTGOts62A0yxzra5LYeF1i7wDLNlbNhCPuI1wdLvMvbq6iEcleMEWIZ83auvGBhkAH15wPFOiNuP9kBs0PEeZcx7lFFSvdTPHUd5Po9V8Rvxiw2C/CNftC8APqBcn+UFmJMdAUvc7a0p2bOHiHsWtVN/8f7PnD2flo385Hn8t2fH58+SCh1cTProj8WOMetTWs1jzPqex6w3ictJlyzwQOzMxyYFoWFenj31x5yuydchZ0HmSJXn7ucCackFTFKkn+M0yu89k6Ay2EFRFlVAWhVaESpp9comw7T9o79gC5HjB3eQR6Q9ayESvo+a4+B4YHo8MD0emOqs04HYpOOR6bih56OcbPYZeo6Hpvt7aNpVYjs4F2cvjy/27Ai1SVr/r2r3cJkdq5Zoz02HvLcBJpjFGBZvCy/b5RKSOazSJu0NV/8GQXVluPU9BpTqbEn03wxJlFtHprkiD5MdzOdd8zANqLDsgRr0dB51QV+ydZhKSMiWrhkQuUcFMVRwH6ghErbFqwhEr/VlxjekN3Rnl63iymHsh27HbUgoJI15na4fMO+yz5nWUHZFkpuH3W/v6V4p3ibxig5LXTSFZQFNq5sSpu5nEdm/KciaS6UyZk9j0qLMI2oLVG2L01W8jRKJfAnO0i1mQu0wyi2vyJakzN9VWbQZDVV9NmiHW/ooTDJ4ccrNtl4JuCo615K5xbWBryzNz6PwuziRjx4+1CmGXJhcxcq1jaIiaLXscdREW4kdGVKqeDSjvlzjtcXH1xIA2SHpxJ6pwse6ql2jESab0UADU9i12K8m86jDR6hO7EIU4mNfUnpGlaiKLFkqRF2XUJ3C5vc9MA9AZcWFaENX7GrOlYJPco/qQtXIz1v9w6JnX2Vo9mmXCwoswAbIpRon9xacDMw++w32dgguoDm3svTRvNd4ydpBs2upLFxYMYKYhziclUVb9xFVpaUsNLIOtXeFw9ac/VGZaZcjH13hb29nUZS+ut71uJrBlfGT0bQ/77UOYGUKkdFmn3TOLIzuhkqV+WRsB2MHdBUI90APxl8ejoqAjriIlYD3N6VLJNzplAGF1V5p3CvDoRfCYnQHehQ1o9spVkqc+rRDqtOo+p4ywF5bGnNtSmTcBZ2LSPoCHe74nGnti6o4HGYZHnhPoDZWD82nUB0WKAdXLRvjhl5GcRB38ntxGc/m+UIovTmeezrdRE+1PNjOsijhWSdbLDU6qsPw7c63Ws91tvlWi6Qe53yUOYer0c4873AN2KMGjKgBeNnd2XVBLKh71IJRtUCtXjzbuRPz5PGomON0D5nuBWzw9dNrvaFfzBTPsWN3+7qXsUHnjpPVcpROE2eYd+SMWGoZa8s+0dfueCgMlp6YZe4n2bjPqAITWvx9u1QSFWERd0rz6socN0ruerOYCyW+QvrIawj80EZs2PMVxO1pzcwLSD/vk6wfs03/hKuH2/wvYfF4l92O/NnTEWQM1U97/qkzHvbgI2fzO8nnPek0T/hJ287zEj7mOqNFm8VD+7C6LmYuTVjzo9O8t6OBuEa9yAXqsY+mBR03lp98BT+7KjRX+CMa9/lmf6ETv4g571KgjmrxZ5r7CW2/0+QLeWdnVwEuv+zYx/5HPRCGkzL7zqUJrLZuV6J25FVAGEvGJTVaaNfClwSRoT1YF0RVUKqbj20f/LVj/yyFu26Axebn1JS2GvcENqMr/A0oRd92GBYDLnKODLkAg8HVZb/WFRGfwnrwNeIBVRGaD8GC8AxZuZ6GIu9L1aNA+5SjEo2hRIvYz5g06GMUHxVooQrUzs2S9OfjjiW3LMhFvib5ZRQXR/uzFPVBpmax2jPl9umoOw66s5SNFK855+mXrIoJXpF4omO5o95YjKpOy5K0ZvwduL+C7Os+3FVF5tyKM30U6xJetz9prUcFIFuQ+ke3VCJSUUQI5SQP/VWOx9ERgCmbUdtuS1OUcfPMLEU5Fq4YS1KKCS6Gj5qxJ7fFgHpMdWl81JG9uUlGteSoJEtSktl1pKlAOFGKu7aEpYyn+33vNQEs0okMN3voafXCmKN63JfGRwVYlJtZv4dtUtxOl1oMSHUrNhzMw2SBLZuRF/NCuSZEybE++kN1eVwA40TZ1OfQFK9s6kvUlqmyqc+rKFMtKl7KMbtroZqQJTxxXoLezPHQ2c/ALOWtc1P+jlIX38QrVrdz0vWIGxgqNci3HtiKxPO2h0uSdP7R/2hQHOUahv/ZdZHSHIXAACPq0FTXMSBj9go065WMRnWm2B4tSV3mMDneSrNUqzPB1c2SNGdar3gvL3BANZnqCueoK3t2kaPRlqOyLE9ZFqAr013pCOPBZdgPRiP26mKnyS4qUD5+ntF51WHGbbKDaizGWW1yjFztqioWxfVVtss1WxyrsFWZj4v0FUlISR68XLGRfzo5i4pVtCbKhJ/SgTQj93TKNPAte56xhGPFZkA2f7OmJueV5xN7N1TqlAeZP2TyDlWVXCYYmlxME/BCNONqYAMOKqKpj5bsKfNuuVlBlwRcYylxm9cE0WSl+ZAyeTlqaD3Fy1Ky/bGWS1G0ZdtNT9XcZ+PZOb59BmJbGyp1hfcJcGLZkRRdGhXRdw3UiPsZt8y0oXa6Cov2W5teJxapnHtie5epksu2xMO0d98NshSs4WSRh0TcjPUBSMNiX4AG7HCid3AmreyyrBrLVNJ9scwLVcyF2+ZhKrxXxvk17VPe0z4l7UHyNl9gtiZv4rwoX0Vl9DkqVHPMel2RsoNPb+LbXV6hPy/J5uRBDcIpGQBztbojm+ink/XnjOpj9DmRUQHn9+LAqsFXxlVBoGFlqMI4NP+RKIPyjdBwnC0x8yjvM1QWZQiQQxHIdtz3VBUSdMymFR+vArAdCx1GN4ItcvrR3cQJPkbXjg/VgNiO+HNUru7Q8ZpWfLQKwG0wPh5YNywPZyCgBzVTUl/JKgPXP0PjsBY7tO2DGxB524gNUbfbDaQVoQyADegitFrWVS8uLAGZPRkMnzwR0sqcwXYMNWBWOHH7qDWOdpbxrVjqCxrFNFsCiNWIOkMsNiPjOZjgt019E2igqgEZgrZZIe+zp0Mj9K3IMH0RENuxNAPpR7EaQsrzDA0lgSBDClDWQ/dZjLCRewjNwA1QbD+wkEEJG1sA0gzfw9lQAL2QB82mDISZThHOngDNsPrB7IbowkHAUbpWbKAurMVuNUBXO7EZt/62K576jAgZ0s5jcF/3hBcpmGPLw2hc2x7MdnSj5sJgOA2u2ss/1tAMbhrSYROhZVSrx1KAlmnEl7vyLsvjf1UbObaxBkYFYKCRFTAry2jaoFns0Qr+0MdlQdUOrABpFz4nEjSH7KZdo4kgef/oRpfmhMm4YzdSJu/dtaRxByGKpyp25CBFt1UAk89ohFNAnkM6GvebcrYDnx6KXbuf5TNAkSkLhrnd+bU8sxDnWnicFeAMoeJF+F0jCuTsg8PBtQUSyrVAHCYKAWpsAQBdg7HbHGpcd6cpGMcyoIlo6cCFo71rmZXx6njDzLYIZiJYOPPhqG5+n5Xh69ozaR7u4JotgOEE86c9Fbn1D4uY05tol5RW3zHaY+xv2klThglESY7SjKGVCdJp7A8AOceUMfEQI4mqe5JiLSf4EUuQj2YOsfRHp9eYHGSQkIyrx75dv/bnICxyE6hjUwYLzSoyuXJTaJZ1Wo6BHgjr6s2gUQSmiAptoAr/ySqNCxERdHlg6TfoOoU3iPCFCWcPZYBxRNP6L5ZCgd99+bhIixDJ2/ppTb0nBbfLXfMo22S5TyCWLraEKq7OMgJQIVV8PNbOkqwwsyZB7QdrtY7/ShIjewDkPrF4SaL1/ZssvyTlLk/tmEX67BfbjHSz8iLQy2e1ynBbX6fCjkjduHxGmnMEjBW+OfRKOJoSck5ghRPUPQloEJkyPOIBSi2BWTV8a2NvDuZi22ZnYOgxxcZgUvEIT1QQgYgwQdUfvgMQG8KyadB9ADCw6k/F8rvsVjOnbWvQ2eSimtou1U+h2DHMnQASeNbGZK1+nsuFXYHcyVBacoWwrJbg5kc9o3LwmNA52LrbYtNoqAASVE0nZrFPv2dgFMnTN1x5J2aYTyRnYBnNObcvTAsxhRptVuGCqjQYI9l2lhrDs32WRPGGbkM3XWFbGyGovQJrwBxCEQpw4lLA63SG0AQ5bJTnuW8LxbKuyPol+WsX51pb4IRiBA0Bwmx5eQnNU4jMtFzY9/8GhNUWiveUVdf9AEWF1au3k5RVtfsDFJTFCuZY1v0whARVIbcTkbF++WEISL/ea0tzh1jyJ2VffdHRF5dGDrmtalErmsCH0HfaUP9ouFmH3wAIOILemSI8OogjePzFAkSg9WW08AcoDMO22NDjYAXiLI+DEYeSJRuRgj6bdgDmpQdEXcfu9zCXoBxK/DJUANo/RvmHesYwIk3lywCXptCjQ65vsGhL+ZGgkW1DVcdgrGsDa0eIr3OKMp4mwHhGEdjctpo7TXHhOo+ogGJyqIRMheeCfTLAw10OgdAaSAx4hTRUGpZF1QD2lP0E/7NROBofAQYYU0SO4hlJXxYiEu0+w9AjvNFdiFAM+w1jnwMXjIdcDkwsNvsPBDK8ECDXXGoJ+xJYtxOBAUdacidg/C1caQUP7tfmbR16XvkWfQn/NuRjeJmVJrunBdNQHlCZCbe3/POJAC0woYsyctWA4eFGiDSU5nFEolUNu+oJYfVjcrF0FgfPpq9bHSxz8MPmzz0LhA4PIjUN1KjCw1XLotdYGrYAkVkkC4dk5ppjfKwjA2PmGxDndCLUqJ1rBuyQejeh2FgKbYaxy4Lctb04rfMNNT/QP8ssj26brLbVry9OL1mcyIbUf70i1avXFsULijMlVQbvHmkLc57eZG0qaImiFqRtbiaSXdCuozJ6yU5XolVJm1eEuvvp7cmD36NkR0Febz6T9Xl6sSu3u5KyTDafE+EmlyWR1o3/4lSh+cXFlv1VhGCBkhlTFshF+vMuTtYd3W+ipJAmDUPBslP/Qujv9VyW9P/J7X2H6QO1QXaIGvF1SbW7BFIX6VX0heC0mWUoSuzFqzi6zaNN0eDo+9M/qfqtN1//4/8DZrbY8fTlAwA=</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/Disco.Models/Disco.Models.csproj b/Disco.Models/Disco.Models.csproj
index bcfee045..5f02c943 100644
--- a/Disco.Models/Disco.Models.csproj
+++ b/Disco.Models/Disco.Models.csproj
@@ -59,7 +59,9 @@
     <Compile Include="Repository\Device\Flag\DeviceFlag.cs" />
     <Compile Include="Repository\Device\Flag\DeviceFlagAssignment.cs" />
     <Compile Include="Repository\Device\DeviceComment.cs" />
+    <Compile Include="Repository\FlagType.cs" />
     <Compile Include="Repository\User\UserComment.cs" />
+    <Compile Include="Repository\FlagPermission.cs" />
     <Compile Include="Services\Devices\DeviceFlags\DeviceFlagExportOptions.cs" />
     <Compile Include="Services\Devices\DeviceFlags\DeviceFlagExportRecord.cs" />
     <Compile Include="Services\Documents\DocumentExportOptions.cs" />
diff --git a/Disco.Models/Repository/Device/Flag/DeviceFlag.cs b/Disco.Models/Repository/Device/Flag/DeviceFlag.cs
index 1f098eb3..120bc999 100644
--- a/Disco.Models/Repository/Device/Flag/DeviceFlag.cs
+++ b/Disco.Models/Repository/Device/Flag/DeviceFlag.cs
@@ -1,5 +1,7 @@
-using System.Collections.Generic;
+using Disco.Models.Services.Authorization;
+using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations.Schema;
 
 namespace Disco.Models.Repository
 {
@@ -27,11 +29,20 @@ namespace Disco.Models.Repository
         [DataType(DataType.MultilineText)]
         public string OnUnassignmentExpression { get; set; }
 
+        [Column("Permissions")]
+        public string PermissionsJson { get; set; }
+        [NotMapped]
+        public FlagPermission Permissions
+        {
+            get => FlagPermission.FromFlag(this);
+            set => PermissionsJson = value?.ToJson();
+        }
+
+        public int? DefaultRemoveDays { get; set; }
+
         public virtual IList<DeviceFlagAssignment> DeviceFlagAssignments { get; set; }
 
         public override string ToString()
-        {
-            return Name;
-        }
+            => Name;
     }
 }
diff --git a/Disco.Models/Repository/Device/Flag/DeviceFlagAssignment.cs b/Disco.Models/Repository/Device/Flag/DeviceFlagAssignment.cs
index f73f8ec6..a7b7d1b1 100644
--- a/Disco.Models/Repository/Device/Flag/DeviceFlagAssignment.cs
+++ b/Disco.Models/Repository/Device/Flag/DeviceFlagAssignment.cs
@@ -19,26 +19,28 @@ namespace Disco.Models.Repository
         public string AddedUserId { get; set; }
         public DateTime? RemovedDate { get; set; }
         public string RemovedUserId { get; set; }
+        public DateTime? RemoveDate { get; set; }
+        public string RemoveUserId { get; set; }
 
         public string Comments { get; set; }
 
         public string OnAssignmentExpressionResult { get; set; }
         public string OnUnassignmentExpressionResult { get; set; }
 
-        [ForeignKey(nameof(DeviceFlagId)), InverseProperty("DeviceFlagAssignments")]
+        [ForeignKey(nameof(DeviceFlagId)), InverseProperty(nameof(Repository.DeviceFlag.DeviceFlagAssignments))]
         public virtual DeviceFlag DeviceFlag { get; set; }
 
-        [ForeignKey(nameof(DeviceSerialNumber)), InverseProperty("DeviceFlagAssignments")]
+        [ForeignKey(nameof(DeviceSerialNumber)), InverseProperty(nameof(Repository.Device.DeviceFlagAssignments))]
         public virtual Device Device { get; set; }
 
-        [ForeignKey("AddedUserId")]
+        [ForeignKey(nameof(AddedUserId))]
         public virtual User AddedUser { get; set; }
-        [ForeignKey("RemovedUserId")]
+        [ForeignKey(nameof(RemovedUserId))]
         public virtual User RemovedUser { get; set; }
+        [ForeignKey(nameof(RemoveUserId))]
+        public virtual User RemoveUser { get; set; }
 
         public override string ToString()
-        {
-            return $"Device Flag Id: {DeviceFlagId}; Device Serial Number: {DeviceSerialNumber}; Added: {AddedDate:s}";
-        }
+            => $"Device Flag Id: {DeviceFlagId}; Device Serial Number: {DeviceSerialNumber}; Added: {AddedDate:s}";
     }
 }
diff --git a/Disco.Models/Repository/FlagPermission.cs b/Disco.Models/Repository/FlagPermission.cs
new file mode 100644
index 00000000..efd64b24
--- /dev/null
+++ b/Disco.Models/Repository/FlagPermission.cs
@@ -0,0 +1,121 @@
+using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
+
+namespace Disco.Models.Repository
+{
+    public class FlagPermission
+    {
+        private static readonly FlagPermission DefaultDeviceFlagPermissions = new FlagPermission(FlagType.Device, 0);
+        private static readonly FlagPermission DefaultUserFlagPermissions = new FlagPermission(FlagType.User, 0);
+
+        [JsonIgnore]
+        public FlagType FlagType { get; }
+        [JsonIgnore]
+        public int FlagId { get; }
+        public bool Inherit { get; set; }
+        public HashSet<string> CanShowSubjectIds { get; }
+        public HashSet<string> CanAssignSubjectIds { get; }
+        public HashSet<string> CanEditSubjectIds { get; }
+        public HashSet<string> CanRemoveSubjectIds { get; }
+
+        private FlagPermission(FlagType flagType, int flagId)
+        {
+            FlagType = flagType;
+            FlagId = flagId;
+            Inherit = true;
+            CanShowSubjectIds = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+            CanAssignSubjectIds = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+            CanEditSubjectIds = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+            CanRemoveSubjectIds = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+        }
+
+        public bool IsDefault()
+        {
+            return ReferenceEquals(this, DefaultDeviceFlagPermissions) ||
+                ReferenceEquals(this, DefaultUserFlagPermissions);
+        }
+
+        public bool IsSimple()
+        {
+            return CanShowSubjectIds.SetEquals(CanAssignSubjectIds) &&
+                   CanAssignSubjectIds.SetEquals(CanEditSubjectIds) &&
+                   CanEditSubjectIds.SetEquals(CanRemoveSubjectIds);
+        }
+
+        public bool HasSubjects()
+        {
+            return CanShowSubjectIds.Count > 0 ||
+                   CanAssignSubjectIds.Count > 0 ||
+                   CanEditSubjectIds.Count > 0 ||
+                   CanRemoveSubjectIds.Count > 0;
+        }
+
+        public HashSet<string> AllSubjects()
+        {
+            var allSubjects = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+            allSubjects.UnionWith(CanShowSubjectIds);
+            allSubjects.UnionWith(CanAssignSubjectIds);
+            allSubjects.UnionWith(CanEditSubjectIds);
+            allSubjects.UnionWith(CanRemoveSubjectIds);
+            return allSubjects;
+        }
+
+        public static FlagPermission FromFlag(UserFlag userFlag)
+        {
+            if (userFlag.PermissionsJson == null)
+                return DefaultUserFlagPermissions;
+
+            var permission = new FlagPermission(FlagType.User, userFlag.Id);
+
+            JsonConvert.PopulateObject(userFlag.PermissionsJson, permission);
+
+            return permission;
+        }
+
+        public static FlagPermission FromFlag(DeviceFlag deviceFlag)
+        {
+            if (deviceFlag.PermissionsJson == null)
+                return DefaultDeviceFlagPermissions;
+
+            var permission = new FlagPermission(FlagType.Device, deviceFlag.Id);
+
+            JsonConvert.PopulateObject(deviceFlag.PermissionsJson, permission);
+
+            return permission;
+        }
+
+        public static FlagPermission Create(UserFlag userFlag, bool inherit, IEnumerable<string> canShow, IEnumerable<string> canAssign, IEnumerable<string> canEdit, IEnumerable<string> canRemove)
+        {
+            var permission = new FlagPermission(FlagType.User, userFlag.Id);
+            return Create(permission, inherit, canShow, canAssign, canEdit, canRemove);
+        }
+
+        public static FlagPermission Create(DeviceFlag deviceFlag, bool inherit, IEnumerable<string> canShow, IEnumerable<string> canAssign, IEnumerable<string> canEdit, IEnumerable<string> canRemove)
+        {
+            var permission = new FlagPermission(FlagType.Device, deviceFlag.Id);
+            return Create(permission, inherit, canShow, canAssign, canEdit, canRemove);
+        }
+
+        private static FlagPermission Create(FlagPermission permission, bool inherit, IEnumerable<string> canShow, IEnumerable<string> canAssign, IEnumerable<string> canEdit, IEnumerable<string> canRemove)
+        {
+            permission.Inherit = inherit;
+            if (canShow != null)
+                permission.CanShowSubjectIds.UnionWith(canShow);
+            if (canAssign != null)
+                permission.CanAssignSubjectIds.UnionWith(canAssign);
+            if (canEdit != null)
+                permission.CanEditSubjectIds.UnionWith(canEdit);
+            if (canRemove != null)
+                permission.CanRemoveSubjectIds.UnionWith(canRemove);
+            return permission;
+        }
+
+        public string ToJson()
+        {
+            if (IsDefault())
+                return null;
+            return JsonConvert.SerializeObject(this);
+        }
+    }
+}
diff --git a/Disco.Models/Repository/FlagType.cs b/Disco.Models/Repository/FlagType.cs
new file mode 100644
index 00000000..9bbed67b
--- /dev/null
+++ b/Disco.Models/Repository/FlagType.cs
@@ -0,0 +1,8 @@
+namespace Disco.Models.Repository
+{
+    public enum FlagType
+    {
+        User = 1,
+        Device = 2,
+    }
+}
diff --git a/Disco.Models/Repository/User/Flag/UserFlag.cs b/Disco.Models/Repository/User/Flag/UserFlag.cs
index e5e18fb9..859439e0 100644
--- a/Disco.Models/Repository/User/Flag/UserFlag.cs
+++ b/Disco.Models/Repository/User/Flag/UserFlag.cs
@@ -1,5 +1,7 @@
-using System.Collections.Generic;
+using Disco.Models.Services.Authorization;
+using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations.Schema;
 
 namespace Disco.Models.Repository
 {
@@ -27,11 +29,20 @@ namespace Disco.Models.Repository
         [DataType(DataType.MultilineText)]
         public string OnUnassignmentExpression { get; set; }
 
+        [Column("Permissions")]
+        public string PermissionsJson { get; set; }
+        [NotMapped]
+        public FlagPermission Permissions
+        {
+            get => FlagPermission.FromFlag(this);
+            set => PermissionsJson = value?.ToJson();
+        }
+
+        public int? DefaultRemoveDays { get; set; }
+
         public virtual IList<UserFlagAssignment> UserFlagAssignments { get; set; }
 
         public override string ToString()
-        {
-            return Name;
-        }
+            => Name;
     }
 }
\ No newline at end of file
diff --git a/Disco.Models/Repository/User/Flag/UserFlagAssignment.cs b/Disco.Models/Repository/User/Flag/UserFlagAssignment.cs
index 107e0c03..f37a3026 100644
--- a/Disco.Models/Repository/User/Flag/UserFlagAssignment.cs
+++ b/Disco.Models/Repository/User/Flag/UserFlagAssignment.cs
@@ -19,26 +19,28 @@ namespace Disco.Models.Repository
         public string AddedUserId { get; set; }
         public DateTime? RemovedDate { get; set; }
         public string RemovedUserId { get; set; }
+        public DateTime? RemoveDate { get; set; }
+        public string RemoveUserId { get; set; }
 
         public string Comments { get; set; }
 
         public string OnAssignmentExpressionResult { get; set; }
         public string OnUnassignmentExpressionResult { get; set; }
 
-        [ForeignKey("UserFlagId"), InverseProperty("UserFlagAssignments")]
+        [ForeignKey(nameof(UserFlagId)), InverseProperty(nameof(Repository.UserFlag.UserFlagAssignments))]
         public virtual UserFlag UserFlag { get; set; }
 
-        [ForeignKey("UserId"), InverseProperty("UserFlagAssignments")]
+        [ForeignKey(nameof(UserId)), InverseProperty(nameof(Repository.User.UserFlagAssignments))]
         public virtual User User { get; set; }
 
-        [ForeignKey("AddedUserId")]
+        [ForeignKey(nameof(AddedUserId))]
         public virtual User AddedUser { get; set; }
-        [ForeignKey("RemovedUserId")]
+        [ForeignKey(nameof(RemovedUserId))]
         public virtual User RemovedUser { get; set; }
+        [ForeignKey(nameof(RemoveUserId))]
+        public virtual User RemoveUser { get; set; }
 
         public override string ToString()
-        {
-            return $"User Flag Id: {UserFlagId}; User Id: {UserId}; Added: {AddedDate:s}";
-        }
+            => $"User Flag Id: {UserFlagId}; User Id: {UserId}; Added: {AddedDate:s}";
     }
 }
\ No newline at end of file
diff --git a/Disco.Models/UI/Config/DeviceFlag/ConfigDeviceFlagShowModel.cs b/Disco.Models/UI/Config/DeviceFlag/ConfigDeviceFlagShowModel.cs
index 03aa27d1..33f6cb19 100644
--- a/Disco.Models/UI/Config/DeviceFlag/ConfigDeviceFlagShowModel.cs
+++ b/Disco.Models/UI/Config/DeviceFlag/ConfigDeviceFlagShowModel.cs
@@ -1,4 +1,5 @@
-using System.Collections.Generic;
+using Disco.Models.Repository;
+using System.Collections.Generic;
 
 namespace Disco.Models.UI.Config.DeviceFlag
 {
@@ -11,5 +12,7 @@ namespace Disco.Models.UI.Config.DeviceFlag
 
         IEnumerable<KeyValuePair<string, string>> Icons { get; set; }
         IEnumerable<KeyValuePair<string, string>> ThemeColours { get; set; }
+
+        FlagPermission Permission { get; set; }
     }
 }
diff --git a/Disco.Models/UI/Config/UserFlag/ConfigUserFlagShowModel.cs b/Disco.Models/UI/Config/UserFlag/ConfigUserFlagShowModel.cs
index af582107..9df83259 100644
--- a/Disco.Models/UI/Config/UserFlag/ConfigUserFlagShowModel.cs
+++ b/Disco.Models/UI/Config/UserFlag/ConfigUserFlagShowModel.cs
@@ -1,4 +1,5 @@
-using System.Collections.Generic;
+using Disco.Models.Repository;
+using System.Collections.Generic;
 
 namespace Disco.Models.UI.Config.UserFlag
 {
@@ -11,5 +12,7 @@ namespace Disco.Models.UI.Config.UserFlag
 
         IEnumerable<KeyValuePair<string, string>> Icons { get; set; }
         IEnumerable<KeyValuePair<string, string>> ThemeColours { get; set; }
+
+        FlagPermission Permission { get; set; }
     }
 }
\ No newline at end of file
diff --git a/Disco.Services/Authorization/Claims.cs b/Disco.Services/Authorization/Claims.cs
index 6a54270c..1281e6e1 100644
--- a/Disco.Services/Authorization/Claims.cs
+++ b/Disco.Services/Authorization/Claims.cs
@@ -18,7 +18,7 @@ namespace Disco.Services.Authorization
 
         static Claims()
         {
-#region Role Claim Dictionary
+            #region Role Claim Dictionary
             _roleClaims = new Dictionary<string, Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool>>()
             {
                 { "Config.DeviceCertificate.DownloadCertificates", new Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool>(c => c.Config.DeviceCertificate.DownloadCertificates, (c, v) => c.Config.DeviceCertificate.DownloadCertificates = v, "Download Certificates", "Can download certificates", false) },
@@ -242,9 +242,9 @@ namespace Disco.Services.Authorization
                 { "ComputerAccount", new Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool>(c => c.ComputerAccount, (c, v) => c.ComputerAccount = v, "Computer Account", "Represents a computer account", true) },
                 { "DiscoAdminAccount", new Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool>(c => c.DiscoAdminAccount, (c, v) => c.DiscoAdminAccount = v, "Disco Administrator Account", "Represents a Disco ICT Administrator account", true) }
             };
-#endregion
+            #endregion
 
-#region Role Claim Navigator
+            #region Role Claim Navigator
             _claimNavigator =
                 new ClaimNavigatorItem("Claims", "Permissions", "Top-level node for all permissions", false, new List<IClaimNavigatorItem>() {
                     new ClaimNavigatorItem("Config", "Configuration", "Permissions related to Disco ICT Configuration", false, new List<IClaimNavigatorItem>() {
@@ -524,7 +524,7 @@ namespace Disco.Services.Authorization
                     new ClaimNavigatorItem("ComputerAccount", true),
                     new ClaimNavigatorItem("DiscoAdminAccount", true)
                 });
-#endregion
+            #endregion
         }
 
         public static ClaimNavigatorItem RoleClaimNavigator
@@ -532,31 +532,36 @@ namespace Disco.Services.Authorization
             get { return _claimNavigator; }
         }
 
-        internal static Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool> GetClaimDefinition(string ClaimKey) {
+        internal static Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool> GetClaimDefinition(string ClaimKey)
+        {
             if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
                 return claimDef;
             throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
         }
 
-        public static Func<RoleClaims, bool> GetClaimAccessor(string ClaimKey) {
+        public static Func<RoleClaims, bool> GetClaimAccessor(string ClaimKey)
+        {
             if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
                 return claimDef.Item1;
             throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
         }
 
-        public static Action<RoleClaims, bool> GetClaimSetter(string ClaimKey) {
+        public static Action<RoleClaims, bool> GetClaimSetter(string ClaimKey)
+        {
             if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
                 return claimDef.Item2;
             throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
         }
 
-        public static Tuple<string, string, bool> GetClaimDetails(string ClaimKey) {
+        public static Tuple<string, string, bool> GetClaimDetails(string ClaimKey)
+        {
             if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
                 return Tuple.Create(claimDef.Item3, claimDef.Item4, claimDef.Item5);
             throw new ArgumentException("Unknown Claim Key", "ClaimKey");
         }
 
-        public static RoleClaims BuildClaims(IEnumerable<string> ClaimKeys){
+        public static RoleClaims BuildClaims(IEnumerable<string> ClaimKeys)
+        {
             var c = new RoleClaims();
             foreach (var claimKey in ClaimKeys)
                 c.Set(claimKey, true);
@@ -570,9 +575,10 @@ namespace Disco.Services.Authorization
             return _roleClaims.Where(rc => rc.Value.Item1(claims)).Select(rc => rc.Key).ToList();
         }
 
-        public static RoleClaims AdministratorClaims() {
+        public static RoleClaims AdministratorClaims()
+        {
             var c = new RoleClaims();
-#region Set All Administrator Claims
+            #region Set All Administrator Claims
             c.Config.DeviceCertificate.DownloadCertificates = true;
             c.Config.Enrolment.Configure = true;
             c.Config.Enrolment.DownloadBootstrapper = true;
@@ -792,17 +798,19 @@ namespace Disco.Services.Authorization
             c.User.ShowFlagAssignments = true;
             c.User.ShowJobs = true;
             c.DiscoAdminAccount = true;
-#endregion
+            #endregion
             return c;
         }
 
-        public static RoleClaims ComputerAccountClaims() {
-            return new RoleClaims() {
+        public static RoleClaims ComputerAccountClaims()
+        {
+            return new RoleClaims()
+            {
                 ComputerAccount = true
             };
         }
 
-#region Role Claim Constants
+        #region Role Claim Constants
 
         /// <summary>Configuration
         /// <para>Permissions related to Disco ICT Configuration</para>
@@ -2099,7 +2107,7 @@ namespace Disco.Services.Authorization
         /// <para>Represents a Disco ICT Administrator account</para>
         /// </summary>
         public const string DiscoAdminAccount = "DiscoAdminAccount";
-#endregion
+        #endregion
     }
     public static class ClaimExtensions
     {
diff --git a/Disco.Services/Authorization/Claims.tt b/Disco.Services/Authorization/Claims.tt
index f6c0d450..cc1eba8f 100644
--- a/Disco.Services/Authorization/Claims.tt
+++ b/Disco.Services/Authorization/Claims.tt
@@ -66,17 +66,17 @@ namespace Disco.Services.Authorization
 
         static Claims()
         {
-#region Role Claim Dictionary
+            #region Role Claim Dictionary
             _roleClaims = new Dictionary<string, Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool>>()
             {
 <#WriteAccessHashes(permissionRoot);#>
             };
-#endregion
+            #endregion
 
-#region Role Claim Navigator
+            #region Role Claim Navigator
             _claimNavigator =
 <#WriteNavigator(permissionRoot);#>;
-#endregion
+            #endregion
         }
 
         public static ClaimNavigatorItem RoleClaimNavigator
@@ -84,31 +84,36 @@ namespace Disco.Services.Authorization
             get { return _claimNavigator; }
         }
 
-        internal static Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool> GetClaimDefinition(string ClaimKey) {
+        internal static Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool> GetClaimDefinition(string ClaimKey)
+        {
             if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
                 return claimDef;
             throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
         }
 
-        public static Func<RoleClaims, bool> GetClaimAccessor(string ClaimKey) {
+        public static Func<RoleClaims, bool> GetClaimAccessor(string ClaimKey)
+        {
             if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
                 return claimDef.Item1;
             throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
         }
 
-        public static Action<RoleClaims, bool> GetClaimSetter(string ClaimKey) {
+        public static Action<RoleClaims, bool> GetClaimSetter(string ClaimKey)
+        {
             if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
                 return claimDef.Item2;
             throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
         }
 
-        public static Tuple<string, string, bool> GetClaimDetails(string ClaimKey) {
+        public static Tuple<string, string, bool> GetClaimDetails(string ClaimKey)
+        {
             if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
                 return Tuple.Create(claimDef.Item3, claimDef.Item4, claimDef.Item5);
             throw new ArgumentException("Unknown Claim Key", "ClaimKey");
         }
 
-        public static RoleClaims BuildClaims(IEnumerable<string> ClaimKeys){
+        public static RoleClaims BuildClaims(IEnumerable<string> ClaimKeys)
+        {
             var c = new RoleClaims();
             foreach (var claimKey in ClaimKeys)
                 c.Set(claimKey, true);
@@ -122,23 +127,26 @@ namespace Disco.Services.Authorization
             return _roleClaims.Where(rc => rc.Value.Item1(claims)).Select(rc => rc.Key).ToList();
         }
 
-        public static RoleClaims AdministratorClaims() {
+        public static RoleClaims AdministratorClaims()
+        {
             var c = new RoleClaims();
-#region Set All Administrator Claims
+            #region Set All Administrator Claims
 <#WriteAdministratorClaims(permissionRoot);#>
-#endregion
+            #endregion
             return c;
         }
 
-        public static RoleClaims ComputerAccountClaims() {
-            return new RoleClaims() {
+        public static RoleClaims ComputerAccountClaims()
+        {
+            return new RoleClaims()
+            {
                 ComputerAccount = true
             };
         }
 
-#region Role Claim Constants
+        #region Role Claim Constants
 <#WritePermissionConsts(permissionRoot);#>
-#endregion
+        #endregion
     }
     public static class ClaimExtensions
     {
diff --git a/Disco.Services/Authorization/Roles/RoleCache.cs b/Disco.Services/Authorization/Roles/RoleCache.cs
index 48a60607..2a77eceb 100644
--- a/Disco.Services/Authorization/Roles/RoleCache.cs
+++ b/Disco.Services/Authorization/Roles/RoleCache.cs
@@ -4,6 +4,7 @@ using Disco.Models.Services.Authorization;
 using Disco.Services.Interop.ActiveDirectory;
 using Newtonsoft.Json;
 using System;
+using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Linq;
 
@@ -16,41 +17,41 @@ namespace Disco.Services.Authorization.Roles
         internal const string ClaimsJsonEmpty = "null";
         internal static readonly string[] _RequiredAdministratorSubjectIds = new string[] { "Domain Admins" };
 
-        private static List<RoleToken> _Cache;
+        private static ConcurrentDictionary<int, RoleToken> cache;
         private static RoleToken _AdministratorToken;
 
-        internal static void Initialize(DiscoDataContext Database)
+        internal static void Initialize(DiscoDataContext database)
         {
-            MigrateAuthorizationRoles(Database);
+            MigrateAuthorizationRoles(database);
 
-            _Cache = Database.AuthorizationRoles.ToList().Select(ar => RoleToken.FromAuthorizationRole(ar)).ToList();
+            cache = new ConcurrentDictionary<int, RoleToken>(database.AuthorizationRoles.ToList().Select(ar => RoleToken.FromAuthorizationRole(ar)).ToDictionary(r => r.Role.Id));
 
             // Add System Roles
-            AddSystemRoles(Database);
+            AddSystemRoles(database);
         }
 
-        private static void AddSystemRoles(DiscoDataContext Database)
+        private static void AddSystemRoles(DiscoDataContext database)
         {
             // Disco Administrators
             _AdministratorToken = RoleToken.FromAuthorizationRole(new AuthorizationRole()
             {
                 Id = AdministratorsTokenId,
                 Name = "Disco Administrators",
-                SubjectIds = string.Join(",", GenerateAdministratorSubjectIds(Database))
+                SubjectIds = string.Join(",", GenerateAdministratorSubjectIds(database))
             }, Claims.AdministratorClaims());
-            _Cache.Add(_AdministratorToken);
+            cache.TryAdd(AdministratorsTokenId, _AdministratorToken);
 
             // Computer Accounts
-            _Cache.Add(RoleToken.FromAuthorizationRole(new AuthorizationRole()
+            cache.TryAdd(ComputerAccountTokenId, RoleToken.FromAuthorizationRole(new AuthorizationRole()
             {
                 Id = ComputerAccountTokenId,
                 Name = "Domain Computer Account"
             }, Claims.ComputerAccountClaims()));
         }
 
-        private static IEnumerable<string> GenerateAdministratorSubjectIds(DiscoDataContext Database)
+        private static IEnumerable<string> GenerateAdministratorSubjectIds(DiscoDataContext database)
         {
-            var configuredSubjectIds = Database.DiscoConfiguration.Administrators.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(s => ActiveDirectory.ParseDomainAccountId(s));
+            var configuredSubjectIds = database.DiscoConfiguration.Administrators.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(s => ActiveDirectory.ParseDomainAccountId(s));
 
             return RequiredAdministratorSubjectIds
                 .Concat(configuredSubjectIds)
@@ -58,94 +59,79 @@ namespace Disco.Services.Authorization.Roles
                 .OrderBy(s => s);
         }
         public static IEnumerable<string> RequiredAdministratorSubjectIds
-        {
-            get
-            {
-                return _RequiredAdministratorSubjectIds.Select(s => ActiveDirectory.ParseDomainAccountId(s));
-            }
-        }
+            => _RequiredAdministratorSubjectIds.Select(s => ActiveDirectory.ParseDomainAccountId(s));
         public static IEnumerable<string> AdministratorSubjectIds
-        {
-            get
-            {
-                return _AdministratorToken.SubjectIds.ToList();
-            }
-        }
+            => _AdministratorToken.SubjectIds.ToList();
 
-        public static void UpdateAdministratorSubjectIds(DiscoDataContext Database, IEnumerable<string> SubjectIds)
+        public static void UpdateAdministratorSubjectIds(DiscoDataContext database, IEnumerable<string> subjectIds)
         {
             // Clean
-            SubjectIds = SubjectIds
+            subjectIds = subjectIds
                 .Where(s => !string.IsNullOrWhiteSpace(s))
                 .Concat(RequiredAdministratorSubjectIds)
                 .Distinct(StringComparer.OrdinalIgnoreCase)
                 .OrderBy(s => s);
 
-            var subjectIdsString = string.Join(",", SubjectIds);
+            var subjectIdsString = string.Join(",", subjectIds);
 
             // Update Database
-            Database.DiscoConfiguration.Administrators = subjectIdsString;
-            Database.SaveChanges();
+            database.DiscoConfiguration.Administrators = subjectIdsString;
+            database.SaveChanges();
 
             // Update State
-            _AdministratorToken.SubjectIds = SubjectIds.ToList();
-            _AdministratorToken.SubjectIdHashes = new HashSet<string>(SubjectIds, StringComparer.OrdinalIgnoreCase);
+            _AdministratorToken.SubjectIds = subjectIds.ToList();
+            _AdministratorToken.SubjectIdHashes = new HashSet<string>(subjectIds, StringComparer.OrdinalIgnoreCase);
         }
 
         /// <summary>
         /// Create a clone of an Authorization Role
         /// <para>Creates immutable clones to avoid side-effects</para>
         /// </summary>
-        /// <param name="TemplateRole">Authorization Role to Clone</param>
+        /// <param name="templateRole">Authorization Role to Clone</param>
         /// <returns>A copy of the Authorization Role</returns>
-        private static AuthorizationRole CloneAuthoriationRole(AuthorizationRole TemplateRole)
+        private static AuthorizationRole CloneAuthoriationRole(AuthorizationRole templateRole)
         {
             return new AuthorizationRole()
             {
-                Id = TemplateRole.Id,
-                Name = TemplateRole.Name,
-                ClaimsJson = TemplateRole.ClaimsJson,
-                SubjectIds = TemplateRole.SubjectIds
+                Id = templateRole.Id,
+                Name = templateRole.Name,
+                ClaimsJson = templateRole.ClaimsJson,
+                SubjectIds = templateRole.SubjectIds
             };
         }
 
-        internal static RoleToken AddRole(AuthorizationRole Role)
-        {
-            var token = RoleToken.FromAuthorizationRole(CloneAuthoriationRole(Role));
-            _Cache.Add(token);
-            return token;
-        }
-
         internal static void RemoveRole(AuthorizationRole Role)
         {
-            var token = GetRoleToken(Role.Id);
-            if (token != null)
-                _Cache.Remove(token);
+            cache.TryRemove(Role.Id, out _);
         }
 
-        internal static RoleToken UpdateRole(AuthorizationRole Role)
+        internal static RoleToken AddOrUpdateRole(AuthorizationRole role)
         {
-            RemoveRole(Role);
-            return AddRole(Role);
+            var token = RoleToken.FromAuthorizationRole(CloneAuthoriationRole(role));
+            cache.AddOrUpdate(token.Role.Id, token, (i, e) => token);
+            return token;
         }
 
-        internal static RoleToken GetRoleToken(int Id)
+        internal static RoleToken GetRoleToken(int id)
         {
-            return _Cache.FirstOrDefault(t => t.Role.Id == Id);
+            if (cache.TryGetValue(id, out var result))
+                return result;
+            else
+                return null;
         }
-        internal static RoleToken GetRoleToken(string SecurityGroup)
+        internal static RoleToken GetRoleToken(string securityGroup)
         {
-            return _Cache.FirstOrDefault(t => t.SubjectIdHashes.Contains(SecurityGroup));
+            return cache.Values.FirstOrDefault(t => t.SubjectIdHashes.Contains(securityGroup));
         }
-        internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> SecurityGroup)
+        internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> securityGroups)
         {
-            return _Cache.Where(t => SecurityGroup.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
+            return cache.Values.Where(t => securityGroups.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
         }
-        internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> SecurityGroup, User User)
+        internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> securityGroups, User user)
         {
-            var subjectIds = SecurityGroup.Concat(new string[] { User.UserId });
+            var subjectIds = securityGroups.Concat(new string[] { user.UserId });
 
-            return _Cache.Where(t => subjectIds.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
+            return cache.Values.Where(t => subjectIds.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
         }
 
         /// <summary>
diff --git a/Disco.Services/Devices/DeviceFlags/Cache.cs b/Disco.Services/Devices/DeviceFlags/Cache.cs
index c680148e..69f8802f 100644
--- a/Disco.Services/Devices/DeviceFlags/Cache.cs
+++ b/Disco.Services/Devices/DeviceFlags/Cache.cs
@@ -8,7 +8,7 @@ namespace Disco.Services.Devices.DeviceFlags
 {
     internal class Cache
     {
-        private ConcurrentDictionary<int, DeviceFlag> _Cache;
+        private ConcurrentDictionary<int, (DeviceFlag, FlagPermission permission)> cache;
 
         public Cache(DiscoDataContext Database)
         {
@@ -26,36 +26,30 @@ namespace Disco.Services.Devices.DeviceFlags
             var flags = Database.DeviceFlags.ToList();
 
             // Add Queues to In-Memory Cache
-            _Cache = new ConcurrentDictionary<int, DeviceFlag>(flags.Select(f => new KeyValuePair<int, DeviceFlag>(f.Id, f)));
+            cache = new ConcurrentDictionary<int, (DeviceFlag, FlagPermission permission)>(flags.Select(f => new KeyValuePair<int, (DeviceFlag, FlagPermission permission)>(f.Id, (f, f.Permissions))));
         }
 
-        public DeviceFlag GetDeviceFlag(int deviceFlagId)
+        public (DeviceFlag flag, FlagPermission permission) GetDeviceFlag(int deviceFlagId)
         {
-            if (_Cache.TryGetValue(deviceFlagId, out var item))
+            if (cache.TryGetValue(deviceFlagId, out var item))
                 return item;
             else
-                return null;
+                return (null, null);
         }
-        public List<DeviceFlag> GetDeviceFlags()
+        public List<(DeviceFlag flag, FlagPermission permission)> GetDeviceFlags()
         {
-            return _Cache.Values.ToList();
+            return cache.Values.ToList();
         }
 
         public void AddOrUpdate(DeviceFlag flag)
         {
-            _Cache.AddOrUpdate(flag.Id, flag, (key, existingItem) => flag);
+            var value = (flag, flag.Permissions);
+            cache.AddOrUpdate(flag.Id, value, (key, existingItem) => value);
         }
 
-        public DeviceFlag Remove(int deviceFlagId)
+        public void Remove(int deviceFlagId)
         {
-            if (_Cache.TryRemove(deviceFlagId, out var item))
-                return item;
-            else
-                return null;
-        }
-        public DeviceFlag Remove(DeviceFlag deviceFlag)
-        {
-            return Remove(deviceFlag.Id);
+            cache.TryRemove(deviceFlagId, out _);
         }
     }
 }
diff --git a/Disco.Services/Devices/DeviceFlags/DeviceFlagExtensions.cs b/Disco.Services/Devices/DeviceFlags/DeviceFlagExtensions.cs
index 3c3dcb97..b1aebbd3 100644
--- a/Disco.Services/Devices/DeviceFlags/DeviceFlagExtensions.cs
+++ b/Disco.Services/Devices/DeviceFlags/DeviceFlagExtensions.cs
@@ -1,6 +1,7 @@
 using Disco.Data.Repository;
 using Disco.Models.Repository;
 using Disco.Services.Authorization;
+using Disco.Services.Devices.DeviceFlags;
 using Disco.Services.Expressions;
 using Disco.Services.Logging;
 using Disco.Services.Users;
@@ -15,16 +16,18 @@ namespace Disco.Services
     {
 
         #region Edit Comments
-        public static bool CanEditComments(this DeviceFlagAssignment fa)
+        public static bool CanEdit(this DeviceFlagAssignment fa)
         {
-            return UserService.CurrentAuthorization.Has(Claims.Device.Actions.EditFlags);
+            var (_, permission) = DeviceFlagService.GetDeviceFlag(fa.DeviceFlagId);
+
+            return permission.CanEdit();
         }
-        public static void OnEditComments(this DeviceFlagAssignment fa, string Comments)
+        public static void OnEdit(this DeviceFlagAssignment fa, string comments)
         {
-            if (!fa.CanEditComments())
+            if (!fa.CanEdit())
                 throw new InvalidOperationException("Editing comments for device flags is denied");
 
-            fa.Comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim();
+            fa.Comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim();
         }
         #endregion
 
@@ -34,36 +37,38 @@ namespace Disco.Services
             if (fa.RemovedDate.HasValue)
                 return false;
 
-            return UserService.CurrentAuthorization.Has(Claims.Device.Actions.RemoveFlags);
+            var (_, permission) = DeviceFlagService.GetDeviceFlag(fa.DeviceFlagId);
+
+            return permission.CanRemove();
         }
-        public static void OnRemove(this DeviceFlagAssignment fa, DiscoDataContext Database, User RemovingUser)
+        public static void OnRemove(this DeviceFlagAssignment fa, DiscoDataContext database)
         {
             if (!fa.CanRemove())
                 throw new InvalidOperationException("Removing device flags is denied");
 
-            fa.OnRemoveUnsafe(Database, RemovingUser);
+            fa.OnRemoveUnsafe(database, UserService.CurrentUser);
         }
 
-        public static void OnRemoveUnsafe(this DeviceFlagAssignment fa, DiscoDataContext Database, User RemovingUser)
+        public static void OnRemoveUnsafe(this DeviceFlagAssignment fa, DiscoDataContext database, User removingUser)
         {
-            fa = Database.DeviceFlagAssignments
+            fa = database.DeviceFlagAssignments
                 .Include(a => a.DeviceFlag)
                 .First(a => a.Id == fa.Id);
-            RemovingUser = Database.Users.First(u => u.UserId == RemovingUser.UserId);
+            removingUser = database.Users.First(u => u.UserId == removingUser.UserId);
 
             fa.RemovedDate = DateTime.Now;
-            fa.RemovedUserId = RemovingUser.UserId;
+            fa.RemovedUserId = removingUser.UserId;
 
             if (!string.IsNullOrWhiteSpace(fa.DeviceFlag.OnUnassignmentExpression))
             {
                 try
                 {
-                    Database.SaveChanges();
-                    var expressionResult = fa.EvaluateOnUnassignmentExpression(Database, RemovingUser, fa.AddedDate);
+                    database.SaveChanges();
+                    var expressionResult = fa.EvaluateOnUnassignmentExpression(database, removingUser, fa.AddedDate);
                     if (!string.IsNullOrWhiteSpace(expressionResult))
                     {
                         fa.OnUnassignmentExpressionResult = expressionResult;
-                        Database.SaveChanges();
+                        database.SaveChanges();
                     }
                 }
                 catch (Exception ex)
@@ -75,58 +80,52 @@ namespace Disco.Services
         #endregion
 
         #region Add
-        public static bool CanAddDeviceFlags(this Device d)
-        {
-            return UserService.CurrentAuthorization.Has(Claims.Device.Actions.AddFlags);
-        }
         public static bool CanAddDeviceFlag(this Device d, DeviceFlag flag)
         {
-            // Shortcut
-            if (!d.CanAddDeviceFlags())
-                return false;
-
             // Already has Device Flag?
             if (d.DeviceFlagAssignments.Any(fa => !fa.RemovedDate.HasValue && fa.DeviceFlagId == flag.Id))
                 return false;
 
-            return true;
+            var (_, permission) = DeviceFlagService.GetDeviceFlag(flag.Id);
+
+            return permission.CanAssign();
         }
-        public static DeviceFlagAssignment OnAddDeviceFlag(this Device d, DiscoDataContext Database, DeviceFlag flag, User AddingUser, string Comments)
+        public static DeviceFlagAssignment OnAddDeviceFlag(this Device d, DiscoDataContext database, DeviceFlag flag, string comments)
         {
             if (!d.CanAddDeviceFlag(flag))
                 throw new InvalidOperationException("Adding device flag is denied");
 
-            return d.OnAddDeviceFlagUnsafe(Database, flag, AddingUser, Comments);
+            return d.OnAddDeviceFlagUnsafe(database, flag, UserService.CurrentUser, comments);
         }
 
-        public static DeviceFlagAssignment OnAddDeviceFlagUnsafe(this Device d, DiscoDataContext Database, DeviceFlag flag, User AddingUser, string Comments)
+        public static DeviceFlagAssignment OnAddDeviceFlagUnsafe(this Device d, DiscoDataContext database, DeviceFlag flag, User addingUser, string comments)
         {
-            flag = Database.DeviceFlags.First(f => f.Id == flag.Id);
-            d = Database.Devices.First(de => de.SerialNumber == d.SerialNumber);
-            AddingUser = Database.Users.First(user => user.UserId == AddingUser.UserId);
+            flag = database.DeviceFlags.First(f => f.Id == flag.Id);
+            d = database.Devices.First(de => de.SerialNumber == d.SerialNumber);
+            addingUser = database.Users.First(user => user.UserId == addingUser.UserId);
 
             var fa = new DeviceFlagAssignment()
             {
                 DeviceFlag = flag,
                 Device = d,
                 AddedDate = DateTime.Now,
-                AddedUser = AddingUser,
-                AddedUserId = AddingUser.UserId,
-                Comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim()
+                AddedUser = addingUser,
+                AddedUserId = addingUser.UserId,
+                Comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim()
             };
 
-            Database.DeviceFlagAssignments.Add(fa);
+            database.DeviceFlagAssignments.Add(fa);
 
             if (!string.IsNullOrWhiteSpace(flag.OnAssignmentExpression))
             {
                 try
                 {
-                    Database.SaveChanges();
-                    var expressionResult = fa.EvaluateOnAssignmentExpression(Database, AddingUser, fa.AddedDate);
+                    database.SaveChanges();
+                    var expressionResult = fa.EvaluateOnAssignmentExpression(database, addingUser, fa.AddedDate);
                     if (!string.IsNullOrWhiteSpace(expressionResult))
                     {
                         fa.OnAssignmentExpressionResult = expressionResult;
-                        Database.SaveChanges();
+                        database.SaveChanges();
                     }
                 }
                 catch (Exception ex)
diff --git a/Disco.Services/Devices/DeviceFlags/DeviceFlagService.cs b/Disco.Services/Devices/DeviceFlags/DeviceFlagService.cs
index 1496bda4..286b6d3a 100644
--- a/Disco.Services/Devices/DeviceFlags/DeviceFlagService.cs
+++ b/Disco.Services/Devices/DeviceFlags/DeviceFlagService.cs
@@ -13,7 +13,7 @@ namespace Disco.Services.Devices.DeviceFlags
 {
     public static class DeviceFlagService
     {
-        private static Cache _cache;
+        private static Cache cache;
         internal static Lazy<IObservable<RepositoryMonitorEvent>> DeviceFlagAssignmentRepositoryEvents;
 
         static DeviceFlagService()
@@ -31,18 +31,51 @@ namespace Disco.Services.Devices.DeviceFlags
 
         public static void Initialize(DiscoDataContext database)
         {
-            _cache = new Cache(database);
+            cache = new Cache(database);
 
             // Initialize Managed Groups (if configured)
-            _cache.GetDeviceFlags().ForEach(uf =>
+            cache.GetDeviceFlags().ForEach(uf =>
             {
-                DeviceFlagDevicesManagedGroup.Initialize(uf);
-                DeviceFlagDeviceAssignedUsersManagedGroup.Initialize(uf);
+                DeviceFlagDevicesManagedGroup.Initialize(uf.flag);
+                DeviceFlagDeviceAssignedUsersManagedGroup.Initialize(uf.flag);
             });
         }
 
-        public static List<DeviceFlag> GetDeviceFlags() { return _cache.GetDeviceFlags(); }
-        public static DeviceFlag GetDeviceFlag(int deviceFlagId) { return _cache.GetDeviceFlag(deviceFlagId); }
+        public static IEnumerable<(DeviceFlag flag, FlagPermission permission)> GetDeviceFlags() { return cache.GetDeviceFlags(); }
+        public static (DeviceFlag flag, FlagPermission permission) GetDeviceFlag(int deviceFlagId) { return cache.GetDeviceFlag(deviceFlagId); }
+
+        public static DeviceFlag GetAvailableUserFlag(int deviceFlagId, Device targetDevice)
+        {
+            var (deviceFlag, permission) = cache.GetDeviceFlag(deviceFlagId);
+
+            if (targetDevice.DeviceFlagAssignments
+                .Where(a => a.DeviceFlagId == deviceFlagId && !a.RemovedDate.HasValue).Any())
+                return null;
+
+            if (permission.CanAssign())
+                return deviceFlag;
+
+            return null;
+        }
+
+        public static IEnumerable<DeviceFlag> GetAvailableDeviceFlags(Device targetDevice)
+        {
+            var records = cache.GetDeviceFlags();
+
+            var usedFlags = targetDevice.DeviceFlagAssignments
+                    .Where(a => !a.RemovedDate.HasValue)
+                    .Select(a => a.DeviceFlagId)
+                    .ToList();
+
+            foreach (var (flag, permission) in records)
+            {
+                if (usedFlags.Contains(flag.Id))
+                    continue;
+
+                if (permission.CanAssign())
+                    yield return flag;
+            }
+        }
 
         #region Device Flag Maintenance
         public static DeviceFlag CreateDeviceFlag(DiscoDataContext database, string name, string description)
@@ -52,7 +85,7 @@ namespace Disco.Services.Devices.DeviceFlags
                 throw new ArgumentException("The Device Flag Name is required", nameof(name));
 
             // Name Unique
-            if (_cache.GetDeviceFlags().Any(f => f.Name.Equals(name, StringComparison.Ordinal)))
+            if (cache.GetDeviceFlags().Any(f => f.flag.Name.Equals(name, StringComparison.Ordinal)))
                 throw new ArgumentException("Another Device Flag already exists with that name", nameof(name));
 
             // Clone to break reference
@@ -67,7 +100,7 @@ namespace Disco.Services.Devices.DeviceFlags
             database.DeviceFlags.Add(flag);
             database.SaveChanges();
 
-            _cache.AddOrUpdate(flag);
+            cache.AddOrUpdate(flag);
 
             return flag;
         }
@@ -78,12 +111,12 @@ namespace Disco.Services.Devices.DeviceFlags
                 throw new ArgumentException("The Device Flag Name is required", nameof(deviceFlag));
 
             // Name Unique
-            if (_cache.GetDeviceFlags().Any(f => f.Id != deviceFlag.Id && f.Name == deviceFlag.Name))
+            if (cache.GetDeviceFlags().Any(f => f.flag.Id != deviceFlag.Id && f.flag.Name == deviceFlag.Name))
                 throw new ArgumentException("Another Device Flag already exists with that name", nameof(deviceFlag));
 
             database.SaveChanges();
 
-            _cache.AddOrUpdate(deviceFlag);
+            cache.AddOrUpdate(deviceFlag);
             DeviceFlagDevicesManagedGroup.Initialize(deviceFlag);
             DeviceFlagDeviceAssignedUsersManagedGroup.Initialize(deviceFlag);
 
@@ -113,7 +146,7 @@ namespace Disco.Services.Devices.DeviceFlags
             database.SaveChanges();
 
             // Remove from Cache
-            _cache.Remove(deviceFlagId);
+            cache.Remove(deviceFlagId);
 
             status.Finished($"Successfully Deleted Device Flag: '{flag.Name}' [{flag.Id}]");
         }
@@ -140,7 +173,7 @@ namespace Disco.Services.Devices.DeviceFlags
                     {
                         status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Assigning Flag: {device}");
 
-                        return device.OnAddDeviceFlag(database, deviceFlag, technician, comments);
+                        return device.OnAddDeviceFlagUnsafe(database, deviceFlag, technician, comments);
                     }).ToList();
 
                     // Save Chunk Items to Database
@@ -206,7 +239,7 @@ namespace Disco.Services.Devices.DeviceFlags
                     {
                         status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Assigning Flag: {device}");
 
-                        return device.OnAddDeviceFlag(database, deviceFlag, technician, comments);
+                        return device.OnAddDeviceFlagUnsafe(database, deviceFlag, technician, comments);
                     }).ToList();
 
                     // Save Chunk Items to Database
@@ -229,11 +262,11 @@ namespace Disco.Services.Devices.DeviceFlags
 
         public static string RandomUnusedIcon()
         {
-            return UIHelpers.RandomIcon(_cache.GetDeviceFlags().Select(f => f.Icon));
+            return UIHelpers.RandomIcon(cache.GetDeviceFlags().Select(f => f.flag.Icon));
         }
         public static string RandomUnusedThemeColour()
         {
-            return UIHelpers.RandomThemeColour(_cache.GetDeviceFlags().Select(f => f.IconColour));
+            return UIHelpers.RandomThemeColour(cache.GetDeviceFlags().Select(f => f.flag.IconColour));
         }
     }
 }
diff --git a/Disco.Services/Disco.Services.csproj b/Disco.Services/Disco.Services.csproj
index d050b135..f026d40b 100644
--- a/Disco.Services/Disco.Services.csproj
+++ b/Disco.Services/Disco.Services.csproj
@@ -609,6 +609,7 @@
     <Compile Include="Users\Contact\UserContactService.cs" />
     <Compile Include="Users\UserExtensions.cs" />
     <Compile Include="Users\UserFlags\Cache.cs" />
+    <Compile Include="Users\UserFlags\FlagPermissionExtensions.cs" />
     <Compile Include="Users\UserFlags\UserFlagExport.cs" />
     <Compile Include="Users\UserFlags\UserFlagExtensions.cs" />
     <Compile Include="Users\UserFlags\UserFlagUserDevicesManagedGroup.cs" />
diff --git a/Disco.Services/Users/UserFlags/Cache.cs b/Disco.Services/Users/UserFlags/Cache.cs
index 984b0c0d..ab2eb601 100644
--- a/Disco.Services/Users/UserFlags/Cache.cs
+++ b/Disco.Services/Users/UserFlags/Cache.cs
@@ -8,7 +8,7 @@ namespace Disco.Services.Users.UserFlags
 {
     internal class Cache
     {
-        private ConcurrentDictionary<int, UserFlag> _Cache;
+        private ConcurrentDictionary<int, (UserFlag flag, FlagPermission permission)> cache;
 
         public Cache(DiscoDataContext Database)
         {
@@ -26,36 +26,30 @@ namespace Disco.Services.Users.UserFlags
             var flags = Database.UserFlags.ToList();
 
             // Add Queues to In-Memory Cache
-            _Cache = new ConcurrentDictionary<int, UserFlag>(flags.Select(f => new KeyValuePair<int, UserFlag>(f.Id, f)));
+            cache = new ConcurrentDictionary<int, (UserFlag, FlagPermission)>(flags.Select(f => new KeyValuePair<int, (UserFlag, FlagPermission)>(f.Id, (f, f.Permissions))));
         }
 
-        public UserFlag GetUserFlag(int UserFlagId)
+        public (UserFlag flag, FlagPermission permission) GetUserFlag(int UserFlagId)
         {
-            if (_Cache.TryGetValue(UserFlagId, out var item))
+            if (cache.TryGetValue(UserFlagId, out var item))
                 return item;
             else
-                return null;
+                return (null, null);
         }
-        public List<UserFlag> GetUserFlags()
+        public List<(UserFlag flag, FlagPermission permission)> GetUserFlags()
         {
-            return _Cache.Values.ToList();
+            return cache.Values.ToList();
         }
 
         public void AddOrUpdate(UserFlag UserFlag)
         {
-            _Cache.AddOrUpdate(UserFlag.Id, UserFlag, (key, existingItem) => UserFlag);
+            var value = (UserFlag, UserFlag.Permissions);
+            cache.AddOrUpdate(UserFlag.Id, value, (key, existingItem) => value);
         }
 
-        public UserFlag Remove(int UserFlagId)
+        public void Remove(int UserFlagId)
         {
-            if (_Cache.TryRemove(UserFlagId, out var item))
-                return item;
-            else
-                return null;
-        }
-        public UserFlag Remove(UserFlag UserFlag)
-        {
-            return Remove(UserFlag.Id);
+            cache.TryRemove(UserFlagId, out _);
         }
     }
 }
diff --git a/Disco.Services/Users/UserFlags/FlagPermissionExtensions.cs b/Disco.Services/Users/UserFlags/FlagPermissionExtensions.cs
new file mode 100644
index 00000000..55f4c2a2
--- /dev/null
+++ b/Disco.Services/Users/UserFlags/FlagPermissionExtensions.cs
@@ -0,0 +1,144 @@
+using Disco.Models.Repository;
+using Disco.Services.Authorization;
+using Disco.Services.Devices.DeviceFlags;
+using Disco.Services.Users;
+using Disco.Services.Users.UserFlags;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace Disco
+{
+    public static class FlagPermissionExtensions
+    {
+        public static bool CanShow(this FlagPermission permission)
+        {
+            var authorization = UserService.CurrentAuthorization;
+
+            // inherited permission
+            if (permission.Inherit &&
+                authorization.Has(permission.FlagType == FlagType.User ? Claims.User.ShowFlagAssignments : Claims.Device.ShowFlagAssignments))
+            {
+                return true;
+            }
+
+            // permission override
+            if (permission != null && (
+                permission.CanShowSubjectIds.Contains(authorization.User.UserId) ||
+                permission.CanShowSubjectIds.Overlaps(authorization.GroupMembership) ||
+                permission.CanShowSubjectIds.Overlaps(authorization.RoleTokens.Select(r => $"[{r.Role.Id}]"))
+                ))
+            {
+                return true;
+            }
+
+            return false;
+        }
+        public static bool CanAssign(this FlagPermission permission)
+        {
+            var authorization = UserService.CurrentAuthorization;
+
+            // inherited permission
+            if (permission.Inherit &&
+                authorization.Has(permission.FlagType == FlagType.User ? Claims.User.Actions.AddFlags : Claims.Device.Actions.AddFlags))
+            {
+                return true;
+            }
+
+            // permission override
+            if (permission != null && (
+                permission.CanAssignSubjectIds.Contains(authorization.User.UserId) ||
+                permission.CanAssignSubjectIds.Overlaps(authorization.GroupMembership) ||
+                permission.CanAssignSubjectIds.Overlaps(authorization.RoleTokens.Select(r => $"[{r.Role.Id}]"))
+                ))
+            {
+                return true;
+            }
+
+            return false;
+        }
+        public static bool CanEdit(this FlagPermission permission)
+        {
+            var authorization = UserService.CurrentAuthorization;
+
+            // inherited permission
+            if (permission.Inherit &&
+                authorization.Has(permission.FlagType == FlagType.User ? Claims.User.Actions.EditFlags : Claims.Device.Actions.EditFlags))
+            {
+                return true;
+            }
+
+            // permission override
+            if (permission != null && (
+                permission.CanEditSubjectIds.Contains(authorization.User.UserId) ||
+                permission.CanEditSubjectIds.Overlaps(authorization.GroupMembership) ||
+                permission.CanEditSubjectIds.Overlaps(authorization.RoleTokens.Select(r => $"[{r.Role.Id}]"))
+                ))
+            {
+                return true;
+            }
+
+            return false;
+        }
+        public static bool CanRemove(this FlagPermission permission)
+        {
+            var authorization = UserService.CurrentAuthorization;
+
+            // inherited permission
+            if (permission.Inherit &&
+                authorization.Has(permission.FlagType == FlagType.User ? Claims.User.Actions.RemoveFlags : Claims.Device.Actions.RemoveFlags))
+            {
+                return true;
+            }
+
+            // permission override
+            if (permission != null && (
+                permission.CanRemoveSubjectIds.Contains(authorization.User.UserId) ||
+                permission.CanRemoveSubjectIds.Overlaps(authorization.GroupMembership) ||
+                permission.CanRemoveSubjectIds.Overlaps(authorization.RoleTokens.Select(r => $"[{r.Role.Id}]"))
+                ))
+            {
+                return true;
+            }
+
+            return false;
+        }
+
+        public static bool CanShowAny(this IEnumerable<UserFlagAssignment> assignments)
+        {
+            if (assignments == null)
+                return false;
+
+            foreach (var assignment in assignments)
+            {
+                if (assignment.RemovedDate.HasValue)
+                    continue;
+
+                var (_, permission) = UserFlagService.GetUserFlag(assignment.UserFlagId);
+
+                if (permission.CanShow())
+                    return true;
+            }
+
+            return false;
+        }
+
+        public static bool CanShowAny(this IEnumerable<DeviceFlagAssignment> assignments)
+        {
+            if (assignments == null)
+                return false;
+
+            foreach (var assignment in assignments)
+            {
+                if (assignment.RemovedDate.HasValue)
+                    continue;
+
+                var (_, permission) = DeviceFlagService.GetDeviceFlag(assignment.DeviceFlagId);
+
+                if (permission.CanShow())
+                    return true;
+            }
+
+            return false;
+        }
+    }
+}
diff --git a/Disco.Services/Users/UserFlags/UserFlagExtensions.cs b/Disco.Services/Users/UserFlags/UserFlagExtensions.cs
index aa77d5ce..60221600 100644
--- a/Disco.Services/Users/UserFlags/UserFlagExtensions.cs
+++ b/Disco.Services/Users/UserFlags/UserFlagExtensions.cs
@@ -4,6 +4,7 @@ using Disco.Services.Authorization;
 using Disco.Services.Expressions;
 using Disco.Services.Logging;
 using Disco.Services.Users;
+using Disco.Services.Users.UserFlags;
 using System;
 using System.Collections;
 using System.Linq;
@@ -14,16 +15,18 @@ namespace Disco.Services
     {
 
         #region Edit Comments
-        public static bool CanEditComments(this UserFlagAssignment fa)
+        public static bool CanEdit(this UserFlagAssignment fa)
         {
-            return UserService.CurrentAuthorization.Has(Claims.User.Actions.EditFlags);
+            var (_, permission) = UserFlagService.GetUserFlag(fa.UserFlagId);
+
+            return permission.CanEdit();
         }
-        public static void OnEditComments(this UserFlagAssignment fa, string Comments)
+        public static void OnEdit(this UserFlagAssignment fa, string comments)
         {
-            if (!fa.CanEditComments())
+            if (!fa.CanEdit())
                 throw new InvalidOperationException("Editing comments for user flags is denied");
 
-            fa.Comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim();
+            fa.Comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim();
         }
         #endregion
 
@@ -33,34 +36,36 @@ namespace Disco.Services
             if (fa.RemovedDate.HasValue)
                 return false;
 
-            return UserService.CurrentAuthorization.Has(Claims.User.Actions.RemoveFlags);
+            var (_, permission) = UserFlagService.GetUserFlag(fa.UserFlagId);
+
+            return permission.CanRemove();
         }
-        public static void OnRemove(this UserFlagAssignment fa, DiscoDataContext Database, User RemovingUser)
+        public static void OnRemove(this UserFlagAssignment fa, DiscoDataContext database)
         {
             if (!fa.CanRemove())
                 throw new InvalidOperationException("Removing user flags is denied");
 
-            fa.OnRemoveUnsafe(Database, RemovingUser);
+            fa.OnRemoveUnsafe(database, UserService.CurrentUser);
         }
 
-        public static void OnRemoveUnsafe(this UserFlagAssignment fa, DiscoDataContext Database, User RemovingUser)
+        public static void OnRemoveUnsafe(this UserFlagAssignment fa, DiscoDataContext database, User removingUser)
         {
-            fa = Database.UserFlagAssignments.First(a => a.Id == fa.Id);
-            RemovingUser = Database.Users.First(u => u.UserId == RemovingUser.UserId);
+            fa = database.UserFlagAssignments.First(a => a.Id == fa.Id);
+            removingUser = database.Users.First(u => u.UserId == removingUser.UserId);
 
             fa.RemovedDate = DateTime.Now;
-            fa.RemovedUserId = RemovingUser.UserId;
+            fa.RemovedUserId = removingUser.UserId;
 
             if (!string.IsNullOrWhiteSpace(fa.UserFlag.OnUnassignmentExpression))
             {
                 try
                 {
-                    Database.SaveChanges();
-                    var expressionResult = fa.EvaluateOnUnassignmentExpression(Database, RemovingUser, fa.AddedDate);
+                    database.SaveChanges();
+                    var expressionResult = fa.EvaluateOnUnassignmentExpression(database, removingUser, fa.AddedDate);
                     if (!string.IsNullOrWhiteSpace(expressionResult))
                     {
                         fa.OnUnassignmentExpressionResult = expressionResult;
-                        Database.SaveChanges();
+                        database.SaveChanges();
                     }
                 }
                 catch (Exception ex)
@@ -72,58 +77,52 @@ namespace Disco.Services
         #endregion
 
         #region Add
-        public static bool CanAddUserFlags(this User u)
-        {
-            return UserService.CurrentAuthorization.Has(Claims.User.Actions.AddFlags);
-        }
         public static bool CanAddUserFlag(this User u, UserFlag flag)
         {
-            // Shortcut
-            if (!u.CanAddUserFlags())
-                return false;
-
             // Already has User Flag?
             if (u.UserFlagAssignments.Any(fa => !fa.RemovedDate.HasValue && fa.UserFlagId == flag.Id))
                 return false;
 
-            return true;
+            var (_, permission) = UserFlagService.GetUserFlag(flag.Id);
+
+            return permission.CanAssign();
         }
-        public static UserFlagAssignment OnAddUserFlag(this User u, DiscoDataContext Database, UserFlag flag, User AddingUser, string Comments)
+        public static UserFlagAssignment OnAddUserFlag(this User u, DiscoDataContext database, UserFlag flag, string comments)
         {
             if (!u.CanAddUserFlag(flag))
                 throw new InvalidOperationException("Adding user flag is denied");
 
-            return u.OnAddUserFlagUnsafe(Database, flag, AddingUser, Comments);
+            return u.OnAddUserFlagUnsafe(database, flag, UserService.CurrentUser, comments);
         }
 
-        public static UserFlagAssignment OnAddUserFlagUnsafe(this User u, DiscoDataContext Database, UserFlag flag, User AddingUser, string Comments)
+        public static UserFlagAssignment OnAddUserFlagUnsafe(this User u, DiscoDataContext database, UserFlag flag, User addingUser, string comments)
         {
-            flag = Database.UserFlags.First(f => f.Id == flag.Id);
-            u = Database.Users.First(user => user.UserId == u.UserId);
-            AddingUser = Database.Users.First(user => user.UserId == AddingUser.UserId);
+            flag = database.UserFlags.First(f => f.Id == flag.Id);
+            u = database.Users.First(user => user.UserId == u.UserId);
+            addingUser = database.Users.First(user => user.UserId == addingUser.UserId);
 
             var fa = new UserFlagAssignment()
             {
                 UserFlag = flag,
                 User = u,
                 AddedDate = DateTime.Now,
-                AddedUser = AddingUser,
-                AddedUserId = AddingUser.UserId,
-                Comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim()
+                AddedUser = addingUser,
+                AddedUserId = addingUser.UserId,
+                Comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim()
             };
 
-            Database.UserFlagAssignments.Add(fa);
+            database.UserFlagAssignments.Add(fa);
 
             if (!string.IsNullOrWhiteSpace(flag.OnAssignmentExpression))
             {
                 try
                 {
-                    Database.SaveChanges();
-                    var expressionResult = fa.EvaluateOnAssignmentExpression(Database, AddingUser, fa.AddedDate);
+                    database.SaveChanges();
+                    var expressionResult = fa.EvaluateOnAssignmentExpression(database, addingUser, fa.AddedDate);
                     if (!string.IsNullOrWhiteSpace(expressionResult))
                     {
                         fa.OnAssignmentExpressionResult = expressionResult;
-                        Database.SaveChanges();
+                        database.SaveChanges();
                     }
                 }
                 catch (Exception ex)
diff --git a/Disco.Services/Users/UserFlags/UserFlagService.cs b/Disco.Services/Users/UserFlags/UserFlagService.cs
index ae1bc55e..88699bb3 100644
--- a/Disco.Services/Users/UserFlags/UserFlagService.cs
+++ b/Disco.Services/Users/UserFlags/UserFlagService.cs
@@ -5,6 +5,7 @@ using Disco.Services.Extensions;
 using Disco.Services.Tasks;
 using System;
 using System.Collections.Generic;
+using System.Data.Entity;
 using System.Linq;
 using System.Reactive.Linq;
 
@@ -12,7 +13,7 @@ namespace Disco.Services.Users.UserFlags
 {
     public static class UserFlagService
     {
-        private static Cache _cache;
+        private static Cache cache;
         internal static Lazy<IObservable<RepositoryMonitorEvent>> UserFlagAssignmentRepositoryEvents;
 
         static UserFlagService()
@@ -24,25 +25,58 @@ namespace Disco.Services.Users.UserFlags
                     RepositoryMonitor.StreamAfterCommit.Where(e =>
                         e.EntityType == typeof(UserFlagAssignment) &&
                         (e.EventType != RepositoryMonitorEventType.Modified ||
-                        e.ModifiedProperties.Contains("RemovedDate"))
+                        e.ModifiedProperties.Contains(nameof(UserFlagAssignment.RemovedDate)))
                         )
                     );
         }
 
         public static void Initialize(DiscoDataContext Database)
         {
-            _cache = new Cache(Database);
+            cache = new Cache(Database);
 
             // Initialize Managed Groups (if configured)
-            _cache.GetUserFlags().ForEach(uf =>
+            cache.GetUserFlags().ForEach(uf =>
             {
-                UserFlagUsersManagedGroup.Initialize(uf);
-                UserFlagUserDevicesManagedGroup.Initialize(uf);
+                UserFlagUsersManagedGroup.Initialize(uf.flag);
+                UserFlagUserDevicesManagedGroup.Initialize(uf.flag);
             });
         }
 
-        public static List<UserFlag> GetUserFlags() { return _cache.GetUserFlags(); }
-        public static UserFlag GetUserFlag(int UserFlagId) { return _cache.GetUserFlag(UserFlagId); }
+        public static IEnumerable<(UserFlag flag, FlagPermission permission)> GetUserFlags() { return cache.GetUserFlags(); }
+        public static (UserFlag flag, FlagPermission permission) GetUserFlag(int UserFlagId) { return cache.GetUserFlag(UserFlagId); }
+
+        public static UserFlag GetAvailableUserFlag(int userFlagId, User targetUser)
+        {
+            var (userFlag, permission) = cache.GetUserFlag(userFlagId);
+
+            if (targetUser.UserFlagAssignments
+                .Where(a => a.UserFlagId == userFlagId && !a.RemovedDate.HasValue).Any())
+                return null;
+
+            if (permission.CanAssign())
+                return userFlag;
+
+            return null;
+        }
+
+        public static IEnumerable<UserFlag> GetAvailableUserFlags(User targetUser)
+        {
+            var records = cache.GetUserFlags();
+
+            var usedFlags = targetUser.UserFlagAssignments
+                    .Where(a => !a.RemovedDate.HasValue)
+                    .Select(a => a.UserFlagId)
+                    .ToList();
+
+            foreach (var (flag, permission) in records)
+            {
+                if (usedFlags.Contains(flag.Id))
+                    continue;
+
+                if (permission.CanAssign())
+                    yield return flag;
+            }
+        }
 
         #region User Flag Maintenance
         public static UserFlag CreateUserFlag(DiscoDataContext Database, string name, string description)
@@ -52,7 +86,7 @@ namespace Disco.Services.Users.UserFlags
                 throw new ArgumentException("The User Flag Name is required", nameof(name));
 
             // Name Unique
-            if (_cache.GetUserFlags().Any(f => f.Name.Equals(name, StringComparison.Ordinal)))
+            if (cache.GetUserFlags().Any(f => f.flag.Name.Equals(name, StringComparison.Ordinal)))
                 throw new ArgumentException("Another User Flag already exists with that name", nameof(name));
 
             // Clone to break reference
@@ -67,7 +101,7 @@ namespace Disco.Services.Users.UserFlags
             Database.UserFlags.Add(flag);
             Database.SaveChanges();
 
-            _cache.AddOrUpdate(flag);
+            cache.AddOrUpdate(flag);
 
             return flag;
         }
@@ -78,12 +112,12 @@ namespace Disco.Services.Users.UserFlags
                 throw new ArgumentException("The User Flag Name is required");
 
             // Name Unique
-            if (_cache.GetUserFlags().Any(f => f.Id != UserFlag.Id && f.Name == UserFlag.Name))
-                throw new ArgumentException("Another User Flag already exists with that name", "UserFlag");
+            if (cache.GetUserFlags().Any(f => f.flag.Id != UserFlag.Id && f.flag.Name == UserFlag.Name))
+                throw new ArgumentException("Another User Flag already exists with that name", nameof(UserFlag));
 
             Database.SaveChanges();
 
-            _cache.AddOrUpdate(UserFlag);
+            cache.AddOrUpdate(UserFlag);
             UserFlagUsersManagedGroup.Initialize(UserFlag);
             UserFlagUserDevicesManagedGroup.Initialize(UserFlag);
 
@@ -113,22 +147,22 @@ namespace Disco.Services.Users.UserFlags
             Database.SaveChanges();
 
             // Remove from Cache
-            _cache.Remove(UserFlagId);
+            cache.Remove(UserFlagId);
 
             Status.Finished($"Successfully Deleted User Flag: '{flag.Name}' [{flag.Id}]");
         }
         #endregion
 
         #region Bulk Assignment
-        public static IEnumerable<UserFlagAssignment> BulkAssignAddUsers(DiscoDataContext Database, UserFlag UserFlag, User Technician, string Comments, List<User> Users, IScheduledTaskStatus Status)
+        public static IEnumerable<UserFlagAssignment> BulkAssignAddUsers(DiscoDataContext database, UserFlag userFlag, User techUser, string comments, List<User> users, IScheduledTaskStatus status)
         {
-            if (Users.Count > 0)
+            if (users.Count > 0)
             {
                 double progressInterval;
                 const int databaseChunkSize = 100;
-                string comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim();
+                comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim();
 
-                var addUsers = Users.Where(u => !u.UserFlagAssignments.Any(a => a.UserFlagId == UserFlag.Id && !a.RemovedDate.HasValue)).ToList();
+                var addUsers = users.Where(u => !u.UserFlagAssignments.Any(a => a.UserFlagId == userFlag.Id && !a.RemovedDate.HasValue)).ToList();
 
                 progressInterval = (double)100 / addUsers.Count;
 
@@ -138,39 +172,39 @@ namespace Disco.Services.Users.UserFlags
 
                     var chunkResults = chunk.Select((user, index) =>
                     {
-                        Status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Assigning Flag: {user.ToString()}");
+                        status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Assigning Flag: {user}");
 
-                        return user.OnAddUserFlag(Database, UserFlag, Technician, comments);
+                        return user.OnAddUserFlagUnsafe(database, userFlag, techUser, comments);
                     }).ToList();
 
                     // Save Chunk Items to Database
-                    Database.SaveChanges();
+                    database.SaveChanges();
 
                     return chunkResults;
                 }).Where(fa => fa != null).ToList();
 
-                Status.SetFinishedMessage($"{addUsers.Count} Users/s Added; {(Users.Count - addUsers.Count)} User/s Skipped");
+                status.SetFinishedMessage($"{addUsers.Count} Users/s Added; {users.Count - addUsers.Count} User/s Skipped");
 
                 return addedUserAssignments;
             }
             else
             {
-                Status.SetFinishedMessage("No changes found");
+                status.SetFinishedMessage("No changes found");
                 return Enumerable.Empty<UserFlagAssignment>();
             }
         }
 
-        public static IEnumerable<UserFlagAssignment> BulkAssignOverrideUsers(DiscoDataContext Database, UserFlag UserFlag, User Technician, string Comments, List<User> Users, IScheduledTaskStatus Status)
+        public static IEnumerable<UserFlagAssignment> BulkAssignOverrideUsers(DiscoDataContext database, UserFlag userFlag, User techUser, string comments, List<User> users, IScheduledTaskStatus status)
         {
             double progressInterval;
             const int databaseChunkSize = 100;
-            string comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim();
+            comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim();
 
-            Status.UpdateStatus(0, "Calculating assignment changes");
+            status.UpdateStatus(0, "Calculating assignment changes");
 
-            var currentAssignments = Database.UserFlagAssignments.Include("User").Where(a => a.UserFlagId == UserFlag.Id && !a.RemovedDate.HasValue).ToList();
-            var removeAssignments = currentAssignments.Where(ca => !Users.Any(u => u.UserId.Equals(ca.UserId, StringComparison.OrdinalIgnoreCase))).ToList();
-            var addUsers = Users.Where(u => !currentAssignments.Any(ca => ca.UserId.Equals(u.UserId, StringComparison.OrdinalIgnoreCase))).ToList();
+            var currentAssignments = database.UserFlagAssignments.Include(a => a.User).Where(a => a.UserFlagId == userFlag.Id && !a.RemovedDate.HasValue).ToList();
+            var removeAssignments = currentAssignments.Where(ca => !users.Any(u => u.UserId.Equals(ca.UserId, StringComparison.OrdinalIgnoreCase))).ToList();
+            var addUsers = users.Where(u => !currentAssignments.Any(ca => ca.UserId.Equals(u.UserId, StringComparison.OrdinalIgnoreCase))).ToList();
 
             if (removeAssignments.Count > 0 || addUsers.Count > 0)
             {
@@ -184,15 +218,15 @@ namespace Disco.Services.Users.UserFlags
 
                     var chunkResults = chunk.Select((flagAssignment, index) =>
                     {
-                        Status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Removing Flag: {flagAssignment.User.ToString()}");
+                        status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Removing Flag: {flagAssignment.User}");
 
-                        flagAssignment.OnRemoveUnsafe(Database, Technician);
+                        flagAssignment.OnRemoveUnsafe(database, techUser);
 
                         return flagAssignment;
                     }).ToList();
 
                     // Save Chunk Items to Database
-                    Database.SaveChanges();
+                    database.SaveChanges();
 
                     return chunkResults;
                 }).ToList();
@@ -204,24 +238,24 @@ namespace Disco.Services.Users.UserFlags
 
                     var chunkResults = chunk.Select((user, index) =>
                     {
-                        Status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Assigning Flag: {user.ToString()}");
+                        status.UpdateStatus((chunkIndexOffset + index) * progressInterval, string.Format("Assigning Flag: {0}", user.ToString()));
 
-                        return user.OnAddUserFlag(Database, UserFlag, Technician, comments);
+                        return user.OnAddUserFlagUnsafe(database, userFlag, techUser, comments);
                     }).ToList();
 
                     // Save Chunk Items to Database
-                    Database.SaveChanges();
+                    database.SaveChanges();
 
                     return chunkResults;
                 }).ToList();
 
-                Status.SetFinishedMessage($"{addUsers.Count} Users/s Added; {removeAssignments.Count} User/s Removed; {(Users.Count - addUsers.Count)} User/s Skipped");
+                status.SetFinishedMessage($"{addUsers.Count} Users/s Added; {removeAssignments.Count} User/s Removed; {users.Count - addUsers.Count} User/s Skipped");
 
                 return addedUserAssignments;
             }
             else
             {
-                Status.SetFinishedMessage("No changes found");
+                status.SetFinishedMessage("No changes found");
                 return Enumerable.Empty<UserFlagAssignment>();
             }
         }
@@ -229,11 +263,11 @@ namespace Disco.Services.Users.UserFlags
 
         public static string RandomUnusedIcon()
         {
-            return UIHelpers.RandomIcon(_cache.GetUserFlags().Select(f => f.Icon));
+            return UIHelpers.RandomIcon(cache.GetUserFlags().Select(f => f.flag.Icon));
         }
         public static string RandomUnusedThemeColour()
         {
-            return UIHelpers.RandomThemeColour(_cache.GetUserFlags().Select(f => f.IconColour));
+            return UIHelpers.RandomThemeColour(cache.GetUserFlags().Select(f => f.flag.IconColour));
         }
     }
 }
diff --git a/Disco.Services/Users/UserService.cs b/Disco.Services/Users/UserService.cs
index b928629a..44a9e4ba 100644
--- a/Disco.Services/Users/UserService.cs
+++ b/Disco.Services/Users/UserService.cs
@@ -154,7 +154,7 @@ namespace Disco.Services.Users
             AuthorizationLog.LogRoleCreated(role, CurrentUserId);
 
             // Add to Cache
-            RoleCache.AddRole(role);
+            RoleCache.AddOrUpdateRole(role);
 
             // Flush User Cache
             Cache.FlushCache();
@@ -164,7 +164,7 @@ namespace Disco.Services.Users
         public static void DeleteAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role)
         {
             if (Role == null)
-                throw new ArgumentNullException("Role");
+                throw new ArgumentNullException(nameof(Role));
 
             Database.AuthorizationRoles.Remove(Role);
             Database.SaveChanges();
@@ -180,19 +180,27 @@ namespace Disco.Services.Users
         public static void UpdateAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role)
         {
             if (Role == null)
-                throw new ArgumentNullException("Role");
+                throw new ArgumentNullException(nameof(Role));
             if (Database == null)
-                throw new ArgumentNullException("Database");
+                throw new ArgumentNullException(nameof(Database));
 
             Database.SaveChanges();
 
             // Update Role Cache
-            RoleCache.UpdateRole(Role);
+            RoleCache.AddOrUpdateRole(Role);
 
             // Flush User Cache
             Cache.FlushCache();
         }
 
+        public static string GetAuthorizationRoleName(int roleId)
+        {
+            var role = RoleCache.GetRoleToken(roleId);
+            if (role == null)
+                return "Unknown authorization role";
+            return role.Role.Name;
+        }
+
         public static IEnumerable<string> AdministratorSubjectIds
         {
             get
diff --git a/Disco.Services/Web/BaseController.cs b/Disco.Services/Web/BaseController.cs
index f948da9e..d04ea6f1 100644
--- a/Disco.Services/Web/BaseController.cs
+++ b/Disco.Services/Web/BaseController.cs
@@ -12,7 +12,13 @@ namespace Disco.Services.Web
         protected static HttpStatusCodeResult BadRequest(string message = null)
             => StatusCode(HttpStatusCode.BadRequest, message);
 
-        protected static HttpStatusCodeResult StatusCode(HttpStatusCode statusCode, string message = null)
-            => new HttpStatusCodeResult(statusCode, message);
+        protected static HttpStatusCodeResult StatusCode(HttpStatusCode statusCode, string statusDescription = null)
+            => new HttpStatusCodeResult(statusCode, statusDescription);
+
+        protected static HttpNotFoundResult NotFound(string statusDescription = null)
+            => new HttpNotFoundResult(statusDescription);
+
+        protected static HttpUnauthorizedResult Unauthorized(string statusDescription = null)
+            => new HttpUnauthorizedResult(statusDescription);
     }
 }
diff --git a/Disco.Web/Areas/API/Controllers/AuthorizationRoleController.cs b/Disco.Web/Areas/API/Controllers/AuthorizationRoleController.cs
index 1a1be917..569472ae 100644
--- a/Disco.Web/Areas/API/Controllers/AuthorizationRoleController.cs
+++ b/Disco.Web/Areas/API/Controllers/AuthorizationRoleController.cs
@@ -78,14 +78,16 @@ namespace Disco.Web.Areas.API.Controllers
             }
         }
 
-        private void UpdateClaims(AuthorizationRole AuthorizationRole, string[] ClaimKeys)
+        private void UpdateClaims(AuthorizationRole AuthorizationRole, string[] claimKeys)
         {
-            var proposedClaims = Claims.BuildClaims(ClaimKeys);
+            claimKeys = claimKeys ?? Array.Empty<string>();
+
+            var proposedClaims = Claims.BuildClaims(claimKeys);
 
             var currentToken = RoleToken.FromAuthorizationRole(AuthorizationRole);
             var currentClaimKeys = Claims.GetClaimKeys(currentToken.Claims);
-            var removedClaims = currentClaimKeys.Except(ClaimKeys).ToArray();
-            var addedClaims = ClaimKeys.Except(currentClaimKeys).ToArray();
+            var removedClaims = currentClaimKeys.Except(claimKeys).ToArray();
+            var addedClaims = claimKeys.Except(currentClaimKeys).ToArray();
 
             AuthorizationRole.SetClaims(proposedClaims);
             UserService.UpdateAuthorizationRole(Database, AuthorizationRole);
diff --git a/Disco.Web/Areas/API/Controllers/DeviceFlagAssignmentController.cs b/Disco.Web/Areas/API/Controllers/DeviceFlagAssignmentController.cs
index e20b0838..4fcb43df 100644
--- a/Disco.Web/Areas/API/Controllers/DeviceFlagAssignmentController.cs
+++ b/Disco.Web/Areas/API/Controllers/DeviceFlagAssignmentController.cs
@@ -1,6 +1,5 @@
 using Disco.Models.Repository;
 using Disco.Services;
-using Disco.Services.Authorization;
 using Disco.Services.Web;
 using System;
 using System.Data.Entity;
@@ -12,7 +11,7 @@ namespace Disco.Web.Areas.API.Controllers
     public partial class DeviceFlagAssignmentController : AuthorizedDatabaseController
     {
         const string pComments = "comments";
-
+        [HttpPost, ValidateAntiForgeryToken]
         public virtual ActionResult Update(int id, string key, string value = null, bool? redirect = null)
         {
             try
@@ -21,7 +20,9 @@ namespace Disco.Web.Areas.API.Controllers
                     throw new ArgumentOutOfRangeException(nameof(id));
                 if (string.IsNullOrEmpty(key))
                     throw new ArgumentNullException(nameof(key));
-                var assignment = Database.DeviceFlagAssignments.FirstOrDefault(a => a.Id == id);
+                var assignment = Database.DeviceFlagAssignments
+                    .Include(a => a.DeviceFlag)
+                    .FirstOrDefault(a => a.Id == id);
                 if (assignment != null)
                 {
                     switch (key.ToLower())
@@ -52,7 +53,7 @@ namespace Disco.Web.Areas.API.Controllers
         }
 
         #region Update Shortcut Methods
-        [DiscoAuthorizeAny(Claims.Device.Actions.EditFlags)]
+        [HttpPost, ValidateAntiForgeryToken]
         public virtual ActionResult UpdateComments(int id, string Comments = null, bool? redirect = null)
         {
             return Update(id, pComments, Comments, redirect);
@@ -60,20 +61,19 @@ namespace Disco.Web.Areas.API.Controllers
         #endregion
 
         #region Update Properties
-        private void UpdateComments(DeviceFlagAssignment assignment, string Comments)
+        private void UpdateComments(DeviceFlagAssignment assignment, string comments)
         {
-            if (!assignment.CanEditComments())
+            if (!assignment.CanEdit())
                 throw new InvalidOperationException("Editing comments for device flags is denied");
 
-            assignment.OnEditComments(Comments);
+            assignment.OnEdit(comments);
             Database.SaveChanges();
         }
         #endregion
 
         #region Actions
-
-        [DiscoAuthorizeAny(Claims.Device.Actions.AddFlags)]
-        public virtual ActionResult AddDevice(int id, string DeviceSerialNumber, string Comments)
+        [HttpPost, ValidateAntiForgeryToken]
+        public virtual ActionResult AddDevice(int id, string deviceSerialNumber, string comments)
         {
             Database.Configuration.LazyLoadingEnabled = true;
 
@@ -81,37 +81,35 @@ namespace Disco.Web.Areas.API.Controllers
             if (flag == null)
                 throw new ArgumentException("Invalid Device Flag Id", nameof(id));
 
-            var device = Database.Devices.Include(u => u.DeviceFlagAssignments).FirstOrDefault(d => d.SerialNumber == DeviceSerialNumber);
+            var device = Database.Devices.Include(u => u.DeviceFlagAssignments).FirstOrDefault(d => d.SerialNumber == deviceSerialNumber);
             if (device == null)
-                throw new ArgumentException("Invalid Device Serial Number", nameof(DeviceSerialNumber));
+                throw new ArgumentException("Invalid Device Serial Number", nameof(deviceSerialNumber));
 
             if (!device.CanAddDeviceFlag(flag))
-                throw new InvalidOperationException("Adding device flag is denied");
+                return Unauthorized("Adding device flag is denied");
 
-            var addingUser = Database.Users.Find(CurrentUser.UserId);
-
-            var assignment = device.OnAddDeviceFlag(Database, flag, addingUser, Comments);
+            var assignment = device.OnAddDeviceFlag(Database, flag, comments);
 
             Database.SaveChanges();
 
             return Redirect($"{Url.Action(MVC.Device.Show(device.SerialNumber))}#DeviceDetailTab-Flags");
         }
 
-        [DiscoAuthorizeAny(Claims.Device.Actions.RemoveFlags)]
+        [HttpPost, ValidateAntiForgeryToken]
         public virtual ActionResult RemoveDevice(int id)
         {
             Database.Configuration.LazyLoadingEnabled = true;
 
-            var assignment = Database.DeviceFlagAssignments.FirstOrDefault(a => a.Id == id);
+            var assignment = Database.DeviceFlagAssignments
+                .Include(a => a.DeviceFlag)
+                .FirstOrDefault(a => a.Id == id);
             if (assignment == null)
                 throw new ArgumentException("Invalid Device Flag Assignment Id", nameof(id));
 
             if (!assignment.CanRemove())
-                throw new InvalidOperationException("Removing device flag assignment is denied");
+                return Unauthorized("Removing device flag assignment is denied");
 
-            var removingUser = Database.Users.Find(CurrentUser.UserId);
-
-            assignment.OnRemove(Database, removingUser);
+            assignment.OnRemove(Database);
             Database.SaveChanges();
 
             return Redirect($"{Url.Action(MVC.Device.Show(assignment.DeviceSerialNumber))}#DeviceDetailTab-Flags");
@@ -120,4 +118,4 @@ namespace Disco.Web.Areas.API.Controllers
         #endregion
 
     }
-}
\ No newline at end of file
+}
diff --git a/Disco.Web/Areas/API/Controllers/DeviceFlagController.cs b/Disco.Web/Areas/API/Controllers/DeviceFlagController.cs
index 98766d67..090ec0aa 100644
--- a/Disco.Web/Areas/API/Controllers/DeviceFlagController.cs
+++ b/Disco.Web/Areas/API/Controllers/DeviceFlagController.cs
@@ -5,7 +5,9 @@ using Disco.Services.Devices.DeviceFlags;
 using Disco.Services.Exporting;
 using Disco.Services.Interop.ActiveDirectory;
 using Disco.Services.Tasks;
+using Disco.Services.Users.UserFlags;
 using Disco.Services.Web;
+using Disco.Web.Areas.API.Models.Shared;
 using Disco.Web.Areas.Config.Models.DeviceFlag;
 using Disco.Web.Extensions;
 using System;
@@ -467,6 +469,24 @@ namespace Disco.Web.Areas.API.Controllers
             return RedirectToAction(MVC.Config.Export.Create(savedExport.Id));
         }
 
+        [DiscoAuthorize(Claims.Config.DeviceFlag.Configure)]
+        [HttpPost, ValidateAntiForgeryToken]
+        public virtual ActionResult Permission(int id, FlagPermissionModel model = null)
+        {
+            var deviceFlag = Database.DeviceFlags.Find(id);
+
+            if (deviceFlag == null)
+                return NotFound();
+
+            if (model == null || !model.IsOverride)
+                deviceFlag.Permissions = null;
+            else
+                deviceFlag.Permissions = model.ToFlagPermission(deviceFlag);
+
+            DeviceFlagService.Update(Database, deviceFlag);
+
+            return RedirectToAction(MVC.Config.DeviceFlag.Index(deviceFlag.Id));
+        }
         #endregion
     }
 }
\ No newline at end of file
diff --git a/Disco.Web/Areas/API/Controllers/SystemController.cs b/Disco.Web/Areas/API/Controllers/SystemController.cs
index 09fbc256..8f9592b2 100644
--- a/Disco.Web/Areas/API/Controllers/SystemController.cs
+++ b/Disco.Web/Areas/API/Controllers/SystemController.cs
@@ -4,7 +4,9 @@ using Disco.Services.Authorization;
 using Disco.Services.Interop.ActiveDirectory;
 using Disco.Services.Interop.DiscoServices;
 using Disco.Services.Messaging;
+using Disco.Services.Users;
 using Disco.Services.Web;
+using Disco.Web.Areas.API.Models.Shared;
 using System;
 using System.Collections.Generic;
 using System.Drawing;
@@ -320,38 +322,64 @@ namespace Disco.Web.Areas.API.Controllers
             };
         }
 
-        [DiscoAuthorizeAny(Claims.DiscoAdminAccount, Claims.Config.JobQueue.Configure)]
-        public virtual ActionResult SearchSubjects(string term)
+        [DiscoAuthorizeAny(Claims.DiscoAdminAccount, Claims.Config.JobQueue.Configure, Claims.Config.UserFlag.Configure, Claims.Config.DeviceFlag.Configure)]
+        public virtual ActionResult SearchSubjects(string term, bool includeAuthorizationRoles = false)
         {
-            var groupResults = ActiveDirectory.SearchADGroups(term).Cast<IADObject>();
-            var userResults = ActiveDirectory.SearchADUserAccounts(term, true).Cast<IADObject>();
+            var groupResults = ActiveDirectory.SearchADGroups(term).Select(r => SubjectDescriptorModel.FromActiveDirectoryObject(r));
+            var userResults = ActiveDirectory.SearchADUserAccounts(term, true).Select(r => SubjectDescriptorModel.FromActiveDirectoryObject(r));
 
-            var results = groupResults.Concat(userResults).OrderBy(r => r.SamAccountName)
-                .Select(r => Models.Shared.SubjectDescriptorModel.FromActiveDirectoryObject(r)).ToList();
+            IEnumerable<SubjectDescriptorModel> roleResults;
+            if (includeAuthorizationRoles)
+            {
+                roleResults = Database.AuthorizationRoles.AsNoTracking().Where(r => r.Name.Contains(term))
+                    .ToList()
+                    .Select(r => SubjectDescriptorModel.FromAuthorizationRole(r));
+            }
+            else
+                roleResults = Enumerable.Empty<SubjectDescriptorModel>();
+
+            var results = groupResults.Concat(userResults).Concat(roleResults)
+                .OrderBy(r => r.Id).ToList();
 
             return Json(results, JsonRequestBehavior.AllowGet);
         }
 
-        [DiscoAuthorizeAny(Claims.Config.UserFlag.Configure)]
+        [DiscoAuthorizeAny(Claims.DiscoAdminAccount, Claims.Config.DeviceProfile.Configure, Claims.Config.DocumentTemplate.Configure, Claims.Config.Plugin.Configure, Claims.Config.UserFlag.Configure, Claims.Config.DeviceFlag.Configure)]
         public virtual ActionResult SearchGroupSubjects(string term)
         {
             var groupResults = ActiveDirectory.SearchADGroups(term).Cast<IADObject>();
 
             var results = groupResults.OrderBy(r => r.SamAccountName)
-                .Select(r => Models.Shared.SubjectDescriptorModel.FromActiveDirectoryObject(r)).ToList();
+                .Select(r => SubjectDescriptorModel.FromActiveDirectoryObject(r)).ToList();
 
             return Json(results, JsonRequestBehavior.AllowGet);
         }
 
-        [DiscoAuthorizeAny(Claims.DiscoAdminAccount, Claims.Config.JobQueue.Configure)]
-        public virtual ActionResult Subject(string Id)
+        [DiscoAuthorizeAny(Claims.DiscoAdminAccount, Claims.Config.JobQueue.Configure, Claims.Config.UserFlag.Configure, Claims.Config.DeviceFlag.Configure)]
+        public virtual ActionResult Subject(string Id, bool includeAuthorizationRoles = false)
         {
+            if (string.IsNullOrWhiteSpace(Id))
+                return Json(null, JsonRequestBehavior.AllowGet);
+
+            if (Id.StartsWith("[", StringComparison.Ordinal))
+            {
+                if (includeAuthorizationRoles && int.TryParse(Id.Trim('[', ']'), out var roleId))
+                {
+                    var roleName = UserService.GetAuthorizationRoleName(roleId);
+                    if (roleName != null)
+                    {
+                        return Json(SubjectDescriptorModel.FromAuthorizationRole(roleId, roleName), JsonRequestBehavior.AllowGet);
+                    }
+                }
+                return Json(null, JsonRequestBehavior.AllowGet);
+            }
+
             var subject = ActiveDirectory.RetrieveADObject(Id, Quick: true);
 
             if (subject == null)
                 return Json(null, JsonRequestBehavior.AllowGet);
             else
-                return Json(Models.Shared.SubjectDescriptorModel.FromActiveDirectoryObject(subject), JsonRequestBehavior.AllowGet);
+                return Json(SubjectDescriptorModel.FromActiveDirectoryObject(subject), JsonRequestBehavior.AllowGet);
         }
 
         [DiscoAuthorizeAny(Claims.Config.UserFlag.Configure, Claims.Config.DeviceFlag.Configure, Claims.Config.DeviceProfile.Configure, Claims.Config.DocumentTemplate.Configure)]
diff --git a/Disco.Web/Areas/API/Controllers/UserFlagAssignmentController.cs b/Disco.Web/Areas/API/Controllers/UserFlagAssignmentController.cs
index a89e3f2e..b243bba2 100644
--- a/Disco.Web/Areas/API/Controllers/UserFlagAssignmentController.cs
+++ b/Disco.Web/Areas/API/Controllers/UserFlagAssignmentController.cs
@@ -12,7 +12,7 @@ namespace Disco.Web.Areas.API.Controllers
     public partial class UserFlagAssignmentController : AuthorizedDatabaseController
     {
         const string pComments = "comments";
-
+        [HttpPost, ValidateAntiForgeryToken]
         public virtual ActionResult Update(int id, string key, string value = null, bool? redirect = null)
         {
             try
@@ -21,7 +21,9 @@ namespace Disco.Web.Areas.API.Controllers
                     throw new ArgumentOutOfRangeException(nameof(id));
                 if (string.IsNullOrEmpty(key))
                     throw new ArgumentNullException(nameof(key));
-                var userFlagAssignment = Database.UserFlagAssignments.FirstOrDefault(a => a.Id == id);
+                var userFlagAssignment = Database.UserFlagAssignments
+                    .Include(a => a.UserFlag)
+                    .FirstOrDefault(a => a.Id == id);
                 if (userFlagAssignment != null)
                 {
                     switch (key.ToLower())
@@ -52,7 +54,7 @@ namespace Disco.Web.Areas.API.Controllers
         }
 
         #region Update Shortcut Methods
-        [DiscoAuthorizeAny(Claims.User.Actions.EditFlags)]
+        [HttpPost, ValidateAntiForgeryToken]
         public virtual ActionResult UpdateComments(int id, string Comments = null, bool? redirect = null)
         {
             return Update(id, pComments, Comments, redirect);
@@ -60,19 +62,19 @@ namespace Disco.Web.Areas.API.Controllers
         #endregion
 
         #region Update Properties
-        private void UpdateComments(UserFlagAssignment userFlagAssignment, string Comments)
+        private void UpdateComments(UserFlagAssignment userFlagAssignment, string comments)
         {
-            if (!userFlagAssignment.CanEditComments())
+            if (!userFlagAssignment.CanEdit())
                 throw new InvalidOperationException("Editing comments for user flags is denied");
 
-            userFlagAssignment.OnEditComments(Comments);
+            userFlagAssignment.OnEdit(comments);
             Database.SaveChanges();
         }
         #endregion
 
         #region Actions
 
-        [DiscoAuthorizeAny(Claims.User.Actions.AddFlags)]
+        [HttpPost, ValidateAntiForgeryToken]
         public virtual ActionResult AddUser(int id, string UserId, string Comments)
         {
             Database.Configuration.LazyLoadingEnabled = true;
@@ -86,32 +88,30 @@ namespace Disco.Web.Areas.API.Controllers
                 throw new ArgumentException("Invalid User Id", nameof(UserId));
 
             if (!user.CanAddUserFlag(userFlag))
-                throw new InvalidOperationException("Adding user flag is denied");
+                return Unauthorized("Adding user flag is denied");
 
-            var addingUser = Database.Users.Find(CurrentUser.UserId);
-
-            var userFlagAssignment = user.OnAddUserFlag(Database, userFlag, addingUser, Comments);
+            var userFlagAssignment = user.OnAddUserFlag(Database, userFlag, Comments);
 
             Database.SaveChanges();
 
             return Redirect($"{Url.Action(MVC.User.Show(user.UserId))}#UserDetailTab-Flags");
         }
 
-        [DiscoAuthorizeAny(Claims.User.Actions.RemoveFlags)]
+        [HttpPost, ValidateAntiForgeryToken]
         public virtual ActionResult RemoveUser(int id)
         {
             Database.Configuration.LazyLoadingEnabled = true;
 
-            var userFlagAssignment = Database.UserFlagAssignments.FirstOrDefault(a => a.Id == id);
+            var userFlagAssignment = Database.UserFlagAssignments
+                .Include(a => a.UserFlag)
+                .FirstOrDefault(a => a.Id == id);
             if (userFlagAssignment == null)
                 throw new ArgumentException("Invalid User Flag Assignment Id", nameof(id));
 
             if (!userFlagAssignment.CanRemove())
-                throw new InvalidOperationException("Removing user flag assignment is denied");
+                return Unauthorized("Removing user flag assignment is denied");
 
-            var removingUser = Database.Users.Find(CurrentUser.UserId);
-
-            userFlagAssignment.OnRemove(Database, removingUser);
+            userFlagAssignment.OnRemove(Database);
             Database.SaveChanges();
 
             return Redirect($"{Url.Action(MVC.User.Show(userFlagAssignment.UserId))}#UserDetailTab-Flags");
@@ -120,4 +120,4 @@ namespace Disco.Web.Areas.API.Controllers
         #endregion
 
     }
-}
\ No newline at end of file
+}
diff --git a/Disco.Web/Areas/API/Controllers/UserFlagController.cs b/Disco.Web/Areas/API/Controllers/UserFlagController.cs
index ccd26005..3b70088b 100644
--- a/Disco.Web/Areas/API/Controllers/UserFlagController.cs
+++ b/Disco.Web/Areas/API/Controllers/UserFlagController.cs
@@ -6,6 +6,7 @@ using Disco.Services.Interop.ActiveDirectory;
 using Disco.Services.Tasks;
 using Disco.Services.Users.UserFlags;
 using Disco.Services.Web;
+using Disco.Web.Areas.API.Models.Shared;
 using Disco.Web.Areas.Config.Models.UserFlag;
 using Disco.Web.Extensions;
 using System;
@@ -467,6 +468,24 @@ namespace Disco.Web.Areas.API.Controllers
             return RedirectToAction(MVC.Config.Export.Create(savedExport.Id));
         }
 
+        [DiscoAuthorize(Claims.Config.UserFlag.Configure)]
+        [HttpPost, ValidateAntiForgeryToken]
+        public virtual ActionResult Permission(int id, FlagPermissionModel model = null)
+        {
+            var userFlag = Database.UserFlags.Find(id);
+
+            if (userFlag == null)
+                return NotFound();
+
+            if (model == null || !model.IsOverride)
+                userFlag.Permissions = null;
+            else
+                userFlag.Permissions = model.ToFlagPermission(userFlag);
+
+            UserFlagService.Update(Database, userFlag);
+
+            return RedirectToAction(MVC.Config.UserFlag.Index(userFlag.Id));
+        }
         #endregion
     }
 }
\ No newline at end of file
diff --git a/Disco.Web/Areas/API/Models/Shared/FlagPermissionModel.cs b/Disco.Web/Areas/API/Models/Shared/FlagPermissionModel.cs
new file mode 100644
index 00000000..58912c38
--- /dev/null
+++ b/Disco.Web/Areas/API/Models/Shared/FlagPermissionModel.cs
@@ -0,0 +1,21 @@
+using Disco.Models.Repository;
+using System.Collections.Generic;
+
+namespace Disco.Web.Areas.API.Models.Shared
+{
+    public class FlagPermissionModel
+    {
+        public bool IsOverride { get; set; }
+        public bool Inherit { get; set; }
+        public List<string> CanShow { get; set; }
+        public List<string> CanAssign { get; set; }
+        public List<string> CanEdit { get; set; }
+        public List<string> CanRemove { get; set; }
+
+        public FlagPermission ToFlagPermission(UserFlag userFlag)
+            => FlagPermission.Create(userFlag, Inherit, CanShow, CanAssign, CanEdit, CanRemove);
+
+        public FlagPermission ToFlagPermission(DeviceFlag deviceFlag)
+            => FlagPermission.Create(deviceFlag, Inherit, CanShow, CanAssign, CanEdit, CanRemove);
+    }
+}
diff --git a/Disco.Web/Areas/API/Models/Shared/SubjectDescriptorModel.cs b/Disco.Web/Areas/API/Models/Shared/SubjectDescriptorModel.cs
index 3699998b..cdd5b2a3 100644
--- a/Disco.Web/Areas/API/Models/Shared/SubjectDescriptorModel.cs
+++ b/Disco.Web/Areas/API/Models/Shared/SubjectDescriptorModel.cs
@@ -1,4 +1,5 @@
-using Disco.Services.Interop.ActiveDirectory;
+using Disco.Models.Repository;
+using Disco.Services.Interop.ActiveDirectory;
 
 namespace Disco.Web.Areas.API.Models.Shared
 {
@@ -43,5 +44,19 @@ namespace Disco.Web.Areas.API.Models.Shared
 
             return item;
         }
+
+        public static SubjectDescriptorModel FromAuthorizationRole(int roleId, string roleName)
+        {
+            return new SubjectDescriptorModel()
+            {
+                Id = $"[{roleId}]",
+                Name = roleName,
+                Type = "role",
+                IsGroup = true
+            };
+        }
+
+        public static SubjectDescriptorModel FromAuthorizationRole(AuthorizationRole role)
+            => FromAuthorizationRole(role.Id, role.Name);
     }
 }
\ No newline at end of file
diff --git a/Disco.Web/Areas/Config/Controllers/DeviceFlagController.cs b/Disco.Web/Areas/Config/Controllers/DeviceFlagController.cs
index 9eef3f4b..da77d0a7 100644
--- a/Disco.Web/Areas/Config/Controllers/DeviceFlagController.cs
+++ b/Disco.Web/Areas/Config/Controllers/DeviceFlagController.cs
@@ -47,6 +47,9 @@ namespace Disco.Web.Areas.Config.Controllers
                     m.ThemeColours = UIHelpers.ThemeColours;
                 }
 
+                var (_, permission) = DeviceFlagService.GetDeviceFlag(m.DeviceFlag.Id);
+                m.Permission = permission;
+
                 // UI Extensions
                 UIExtensions.ExecuteExtensions<ConfigDeviceFlagShowModel>(ControllerContext, m);
 
@@ -121,7 +124,7 @@ namespace Disco.Web.Areas.Config.Controllers
             var m = new ExportModel()
             {
                 Options = Database.DiscoConfiguration.DeviceFlags.LastExportOptions,
-                DeviceFlags = DeviceFlagService.GetDeviceFlags(),
+                DeviceFlags = DeviceFlagService.GetDeviceFlags().Select(f => f.flag).ToList(),
             };
 
             m.Fields = ExportFieldsModel.Create(m.Options, DeviceFlagExportOptions.DefaultOptions(), nameof(DeviceFlagExportOptions.CurrentOnly));
diff --git a/Disco.Web/Areas/Config/Controllers/UserFlagController.cs b/Disco.Web/Areas/Config/Controllers/UserFlagController.cs
index 56123b8d..854d7368 100644
--- a/Disco.Web/Areas/Config/Controllers/UserFlagController.cs
+++ b/Disco.Web/Areas/Config/Controllers/UserFlagController.cs
@@ -46,6 +46,9 @@ namespace Disco.Web.Areas.Config.Controllers
                     m.ThemeColours = UIHelpers.ThemeColours;
                 }
 
+                var (flag, permission) = UserFlagService.GetUserFlag(m.UserFlag.Id);
+                m.Permission = permission;
+
                 // UI Extensions
                 UIExtensions.ExecuteExtensions<ConfigUserFlagShowModel>(ControllerContext, m);
 
@@ -122,7 +125,7 @@ namespace Disco.Web.Areas.Config.Controllers
             var m = new ExportModel()
             {
                 Options = Database.DiscoConfiguration.UserFlags.LastExportOptions,
-                UserFlags = UserFlagService.GetUserFlags(),
+                UserFlags = UserFlagService.GetUserFlags().Select(f => f.flag).ToList(),
             };
 
             m.Fields = ExportFieldsModel.Create(m.Options, UserFlagExportOptions.DefaultOptions(), nameof(UserFlagExportOptions.CurrentOnly));
diff --git a/Disco.Web/Areas/Config/Models/DeviceFlag/ShowModel.cs b/Disco.Web/Areas/Config/Models/DeviceFlag/ShowModel.cs
index aeadb7b4..1d49330e 100644
--- a/Disco.Web/Areas/Config/Models/DeviceFlag/ShowModel.cs
+++ b/Disco.Web/Areas/Config/Models/DeviceFlag/ShowModel.cs
@@ -1,4 +1,5 @@
-using Disco.Models.UI.Config.DeviceFlag;
+using Disco.Models.Repository;
+using Disco.Models.UI.Config.DeviceFlag;
 using Disco.Services.Devices.DeviceFlags;
 using System.Collections.Generic;
 
@@ -16,5 +17,7 @@ namespace Disco.Web.Areas.Config.Models.DeviceFlag
 
         public IEnumerable<KeyValuePair<string, string>> Icons { get; set; }
         public IEnumerable<KeyValuePair<string, string>> ThemeColours { get; set; }
+
+        public FlagPermission Permission { get; set; }
     }
 }
diff --git a/Disco.Web/Areas/Config/Models/UserFlag/ShowModel.cs b/Disco.Web/Areas/Config/Models/UserFlag/ShowModel.cs
index d2733540..f3a57812 100644
--- a/Disco.Web/Areas/Config/Models/UserFlag/ShowModel.cs
+++ b/Disco.Web/Areas/Config/Models/UserFlag/ShowModel.cs
@@ -1,4 +1,5 @@
-using Disco.Models.UI.Config.UserFlag;
+using Disco.Models.Repository;
+using Disco.Models.UI.Config.UserFlag;
 using Disco.Services.Users.UserFlags;
 using System.Collections.Generic;
 
@@ -16,5 +17,7 @@ namespace Disco.Web.Areas.Config.Models.UserFlag
 
         public IEnumerable<KeyValuePair<string, string>> Icons { get; set; }
         public IEnumerable<KeyValuePair<string, string>> ThemeColours { get; set; }
+
+        public FlagPermission Permission { get; set; }
     }
 }
\ No newline at end of file
diff --git a/Disco.Web/Areas/Config/Views/AuthorizationRole/Show.cshtml b/Disco.Web/Areas/Config/Views/AuthorizationRole/Show.cshtml
index a41fa141..a7970c74 100644
--- a/Disco.Web/Areas/Config/Views/AuthorizationRole/Show.cshtml
+++ b/Disco.Web/Areas/Config/Views/AuthorizationRole/Show.cshtml
@@ -237,7 +237,7 @@
                 <div id="Config_AuthRoles_Claims_Tree">
                 </div>
                 <div>
-                    <button type="button" id="Config_AuthRoles_Claims_SaveChanges" class="button small disabled" data-saveurl="@Url.Action(MVC.API.AuthorizationRole.UpdateClaims(Model.Token.Role.Id))">Save Changes</button>@AjaxHelpers.AjaxLoader()
+                    <button type="button" typeof="button" id="Config_AuthRoles_Claims_SaveChanges" class="button small disabled" data-saveurl="@Url.Action(MVC.API.AuthorizationRole.UpdateClaims(Model.Token.Role.Id))">Save Changes</button>@AjaxHelpers.AjaxLoader()
                 </div>
                 <script id="Config_AuthRoles_Claims_NodesJson" type="application/json">
                     @Html.Raw(Newtonsoft.Json.JsonConvert.SerializeObject(Model.ClaimNavigatorFancyTreeNodes))
@@ -286,7 +286,7 @@
                                             saveButton.addClass('disabled');
                                             ajaxLoading.next('.ajaxOk').show().delay('fast').fadeOut('slow');
                                         } else {
-                                            alert('Unable to save changes:\n' + response);
+                                            alert('Unable to save changes:\n' + response.statusText);
                                         }
                                     } catch (e) {
                                         alert('Error: ' + e);
diff --git a/Disco.Web/Areas/Config/Views/AuthorizationRole/Show.generated.cs b/Disco.Web/Areas/Config/Views/AuthorizationRole/Show.generated.cs
index 7e5d5eae..ecd3ed40 100644
--- a/Disco.Web/Areas/Config/Views/AuthorizationRole/Show.generated.cs
+++ b/Disco.Web/Areas/Config/Views/AuthorizationRole/Show.generated.cs
@@ -656,6 +656,8 @@ WriteLiteral(">\r\n                </div>\r\n                <div>\r\n
 
 WriteLiteral(" type=\"button\"");
 
+WriteLiteral(" typeof=\"button\"");
+
 WriteLiteral(" id=\"Config_AuthRoles_Claims_SaveChanges\"");
 
 WriteLiteral(" class=\"button small disabled\"");
@@ -664,7 +666,7 @@ WriteLiteral(" data-saveurl=\"");
 
             
             #line 240 "..\..\Areas\Config\Views\AuthorizationRole\Show.cshtml"
-                                                                                                                          Write(Url.Action(MVC.API.AuthorizationRole.UpdateClaims(Model.Token.Role.Id)));
+                                                                                                                                          Write(Url.Action(MVC.API.AuthorizationRole.UpdateClaims(Model.Token.Role.Id)));
 
             
             #line default
@@ -675,7 +677,7 @@ WriteLiteral(">Save Changes</button>");
 
             
             #line 240 "..\..\Areas\Config\Views\AuthorizationRole\Show.cshtml"
-                                                                                                                                                                                                                         Write(AjaxHelpers.AjaxLoader());
+                                                                                                                                                                                                                                         Write(AjaxHelpers.AjaxLoader());
 
             
             #line default
@@ -728,13 +730,13 @@ WriteLiteral("\r\n                </script>\r\n                <script>\r\n
 "dClass(\'disabled\');\r\n                                            ajaxLoading.nex" +
 "t(\'.ajaxOk\').show().delay(\'fast\').fadeOut(\'slow\');\r\n                            " +
 "            } else {\r\n                                            alert(\'Unable " +
-"to save changes:\\n\' + response);\r\n                                        }\r\n   " +
-"                                 } catch (e) {\r\n                                " +
-"        alert(\'Error: \' + e);\r\n                                    }\r\n          " +
-"                          ajaxLoading.hide();\r\n                                }" +
-"\r\n                            });\r\n                        });\r\n                " +
-"    })();\r\n                </script>\r\n            </td>\r\n        </tr>\r\n    </ta" +
-"ble>\r\n</div>\r\n<div");
+"to save changes:\\n\' + response.statusText);\r\n                                   " +
+"     }\r\n                                    } catch (e) {\r\n                     " +
+"                   alert(\'Error: \' + e);\r\n                                    }\r" +
+"\n                                    ajaxLoading.hide();\r\n                      " +
+"          }\r\n                            });\r\n                        });\r\n     " +
+"               })();\r\n                </script>\r\n            </td>\r\n        </tr" +
+">\r\n    </table>\r\n</div>\r\n<div");
 
 WriteLiteral(" class=\"actionBar\"");
 
diff --git a/Disco.Web/Areas/Config/Views/DeviceFlag/Show.cshtml b/Disco.Web/Areas/Config/Views/DeviceFlag/Show.cshtml
index d466ee35..7f20a509 100644
--- a/Disco.Web/Areas/Config/Views/DeviceFlag/Show.cshtml
+++ b/Disco.Web/Areas/Config/Views/DeviceFlag/Show.cshtml
@@ -15,6 +15,7 @@
     var canExportAll = Model.TotalAssignmentCount > 0 && Authorization.Has(Claims.Config.DeviceFlag.Export);
 
     var hideAdvanced =
+        Model.Permission.IsDefault() &&
         Model.DeviceFlag.DevicesLinkedGroup == null &&
         Model.DeviceFlag.DeviceUsersLinkedGroup == null &&
         Model.DeviceFlag.OnAssignmentExpression == null &&
@@ -38,10 +39,11 @@
             </th>
             <td>
                 @if (canConfig)
-                {@Html.EditorFor(model => model.DeviceFlag.Name)
-                @AjaxHelpers.AjaxSave()
-                @AjaxHelpers.AjaxLoader()
-                <script type="text/javascript">
+                {
+                    @Html.EditorFor(model => model.DeviceFlag.Name)
+                    @AjaxHelpers.AjaxSave()
+                    @AjaxHelpers.AjaxLoader()
+                    <script type="text/javascript">
                         $(function () {
                             document.DiscoFunctions.PropertyChangeHelper(
                                 $('#DeviceFlag_Name'),
@@ -50,12 +52,12 @@
                                 'FlagName'
                             );
                         });
-                </script>
-            }
-            else
-            {
-                @Model.DeviceFlag.Name
-            }
+                    </script>
+                }
+                else
+                {
+                    @Model.DeviceFlag.Name
+                }
             </td>
         </tr>
         <tr>
@@ -227,6 +229,340 @@
                 </td>
             </tr>
         }
+        <tr class="Config_HideAdvanced_Item">
+            <th>
+                Assignment Permission<br />
+                Override:
+            </th>
+            <td>
+                @if (!Model.Permission.IsDefault())
+                {
+                    var permission = Model.Permission;
+                    <div>
+                        @if (permission.Inherit)
+                        {
+                            <span><i class="fa fa-check-square-o"></i> Inheriting from Authorization Roles</span>
+                        }
+                        else
+                        {
+                            <span><i class="fa fa-square-o"></i> Authorization Roles are Ignored</span>
+                        }
+                    </div>
+                    if (!permission.HasSubjects())
+                    {
+                        <span class="smallMessage">There are no users/groups associated with this permission override</span>
+                    }
+                    else
+                    {
+                        if (permission.IsSimple())
+                        {
+                            <table class="tableData">
+                                <thead>
+                                    <tr>
+                                        <th>Users/Groups/Roles</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    @foreach (var subjectId in permission.CanShowSubjectIds)
+                                    {
+                                        <tr>
+                                            <td>
+                                                @{
+                                                    int roleId;
+                                                    if (subjectId.StartsWith("[") && int.TryParse(subjectId.Trim('[', ']'), out roleId))
+                                                    {
+                                                        <span>@Disco.Services.Users.UserService.GetAuthorizationRoleName(roleId) @subjectId</span>
+                                                    }
+                                                    else
+                                                    {
+                                                        <span>@subjectId</span>
+                                                    }
+                                                }
+                                            </td>
+                                        </tr>
+                                    }
+                                </tbody>
+                            </table>
+                            <div class="info-box">
+                                <p class="fa-p">
+                                    <i class="fa fa-fw fa-info-circle"></i> All users/groups/roles can view, assign, edit assignments, and remove assignments for this flag.
+                                </p>
+                            </div>
+                        }
+                        else
+                        {
+                            var subjects = permission.AllSubjects();
+                            <table class="tableData">
+                                <thead>
+                                    <tr>
+                                        <th>Users/Groups/Roles</th>
+                                        <th>View</th>
+                                        <th>Assign</th>
+                                        <th>Edit</th>
+                                        <th>Remove</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    @foreach (var subjectId in subjects.OrderBy(s => s))
+                                    {
+                                        <tr>
+                                            <td>
+                                                <i class="fa"></i> @{
+                                                    int roleId;
+                                                    if (subjectId.StartsWith("[") && int.TryParse(subjectId.Trim('[', ']'), out roleId))
+                                                    {
+                                                        <span>@Disco.Services.Users.UserService.GetAuthorizationRoleName(roleId) @subjectId</span>
+                                                    }
+                                                    else
+                                                    {
+                                                        <span>@subjectId</span>
+                                                    }
+                                                }
+                                            </td>
+                                            <td>
+                                                @if (permission.CanShowSubjectIds.Contains(subjectId))
+                                                {
+                                                    <i class="fa fa-fw fa-check"></i>
+                                                }
+                                            </td>
+                                            <td>
+                                                @if (permission.CanAssignSubjectIds.Contains(subjectId))
+                                                {
+                                                    <i class="fa fa-fw fa-check"></i>
+                                                }
+                                            </td>
+                                            <td>
+                                                @if (permission.CanEditSubjectIds.Contains(subjectId))
+                                                {
+                                                    <i class="fa fa-fw fa-check"></i>
+                                                }
+                                            </td>
+                                            <td>
+                                                @if (permission.CanRemoveSubjectIds.Contains(subjectId))
+                                                {
+                                                    <i class="fa fa-fw fa-check"></i>
+                                                }
+                                            </td>
+                                        </tr>
+                                    }
+                                </tbody>
+                            </table>
+                        }
+
+                    }
+                }
+                @if (canConfig)
+                {
+                    var permission = Model.Permission;
+                    <button id="Config_Flag_Permission_Edit" class="button small">@(permission.IsDefault() ? "Override" : "Edit") Permission</button>
+
+                    <div id="Config_Flag_Permissions" class="dialog" title="Flag Assignment Permission Override">
+                        @using (Html.BeginForm(MVC.API.DeviceFlag.Permission(Model.DeviceFlag.Id)))
+                        {
+                            @Html.AntiForgeryToken()
+                            <input type="hidden" name="IsOverride" value="true" />
+                            <div id="Config_Flag_Permissions_Inherit_Container">
+                                <label>
+                                    <input id="Config_Flag_Permissions_Inherit" type="checkbox" name="Inherit" value="true" @(permission.Inherit ? "checked" : null) /> Inherit Authorization from Authorization Roles
+                                </label>
+                            </div>
+                            <div class="tableDataContainer">
+                                <table class="tableData">
+                                    <thead>
+                                        <tr>
+                                            <th>User/Group/Role</th>
+                                            <th>View</th>
+                                            <th>Assign</th>
+                                            <th>Edit</th>
+                                            <th>Remove</th>
+                                        </tr>
+                                    </thead>
+                                    <tbody>
+                                        @{
+                                            var subjects = permission.AllSubjects();
+
+                                            foreach (var subjectId in subjects.OrderBy(s => s))
+                                            {
+                                                <tr data-subjectid="@subjectId">
+                                                    <td><i class="fa type"></i> <span>@subjectId</span><i class="fa fa-times-circle remove"></i></td>
+                                                    <td>
+                                                        <input type="checkbox" name="CanShow" value="@subjectId" @(permission.CanShowSubjectIds.Contains(subjectId) ? " checked" : null) />
+                                                    </td>
+                                                    <td>
+                                                        <input type="checkbox" name="CanAssign" value="@subjectId" @(permission.CanAssignSubjectIds.Contains(subjectId) ? " checked" : null) />
+                                                    </td>
+                                                    <td>
+                                                        <input type="checkbox" name="CanEdit" value="@subjectId" @(permission.CanEditSubjectIds.Contains(subjectId) ? " checked" : null) />
+                                                    </td>
+                                                    <td>
+                                                        <input type="checkbox" name="CanRemove" value="@subjectId" @(permission.CanRemoveSubjectIds.Contains(subjectId) ? " checked" : null) />
+                                                    </td>
+                                                </tr>
+                                            }
+                                        }
+                                    </tbody>
+                                </table>
+                            </div>
+                            <div>
+                                <input type="text" id="Config_Flag_Permissions_Subject_Input" placeholder="Search Users/Groups/Roles" data-autocompleteurl="@(Url.Action(MVC.API.System.SearchSubjects(null, includeAuthorizationRoles: true)))" />
+                                <button type="button" id="Config_Flag_Permissions_Subject_Add" class="button small" data-subjecturl="@Url.Action(MVC.API.System.Subject(null, includeAuthorizationRoles: true))">Add</button>
+                            </div>
+                        }
+                    </div>
+                    <script>
+                        $(function () {
+                            let $dialog = null;
+                            let originalSubjects = null;
+                            let originalInherit = null;
+                            $('#Config_Flag_Permission_Edit').on('click', async function () {
+                                if (!$dialog) {
+                                    $dialog = $('#Config_Flag_Permissions');
+                                    const $tbody = $dialog.find('tbody');
+                                    const $inherit = $dialog.find('#Config_Flag_Permissions_Inherit');
+                                    const $input = $dialog.find('#Config_Flag_Permissions_Subject_Input');
+                                    const $add = $dialog.find('#Config_Flag_Permissions_Subject_Add');
+
+                                    $dialog.dialog({
+                                        resizable: false,
+                                        modal: true,
+                                        autoOpen: false,
+                                        width: 550,
+                                        height: 420,
+                                        buttons: {
+                                            Cancel: function () {
+                                                $(this).dialog('close');
+                                                $tbody.html(originalSubjects);
+                                                $inherit.prop('checked', originalInherit);
+                                            },
+                                            'Remove Override': function () {
+                                                const $this = $(this);
+                                                $(this).dialog('option', 'buttons', null);
+                                                $this.find('input[name="IsOverride"]').val('false');
+                                                $this.find('form').trigger('submit');
+                                            },
+                                            'Save Changes': function () {
+                                                $(this).dialog('option', 'buttons', null);
+                                                $(this).find('form').trigger('submit');
+                                            }
+                                        }
+                                    });
+
+                                    $tbody.on('click', 'i.remove', function () {
+                                        $(this).closest('tr').remove();
+                                    });
+
+                                    $input
+                                        .autocomplete({
+                                            source: $input.attr('data-autocompleteurl'),
+                                            minLength: 2,
+                                            focus: function (e, ui) {
+                                                $input.val(ui.item.Id);
+                                                return false;
+                                            },
+                                            select: function (e, ui) {
+                                                $input.val(ui.item.Id).blur();
+                                                $add.trigger('click');
+                                                $input.val('');
+                                                return false;
+                                            }
+                                        }).data('ui-autocomplete')._renderItem = function (ul, item) {
+                                            return $("<li></li>")
+                                                .data('item.autocomplete', item)
+                                                .append('<a><strong>' + item.Name + '</strong><br>' + item.Id + ' (' + item.Type + ')</a>')
+                                                .appendTo(ul);
+                                        };
+
+                                    $add.on('click', async function () {
+                                        const value = $input.val();
+                                        if (!value) {
+                                            $input.focus();
+                                            return;
+                                        }
+                                        const existing = $tbody.find('tr').filter(function () {
+                                            return $(this).attr('data-subjectid') === value;
+                                        });
+                                        if (existing.length !== 0) {
+                                            $input.val('');
+                                            $input.focus();
+                                            return;
+                                        }
+
+                                        const body = new FormData();
+                                        body.append('id', value);
+                                        const response = await fetch($add.attr('data-subjecturl'), {
+                                            body: body,
+                                            method: 'POST'
+                                        });
+
+                                        if (!response.ok) {
+                                            alert('Unable to lookup User/Group/Role: ' + response.statusText);
+                                            $input.focus();
+                                            return;
+                                        }
+
+                                        const subject = await response.json();
+
+                                        if (!subject) {
+                                            alert('Invalid User/Group/Role');
+                                            $input.focus();
+                                            return;
+                                        }
+
+                                        const $record = $('<tr><td><i class="fa type"></i> <span></span><i class="fa fa-times-circle remove"></i></td><td><input type="checkbox" name="CanShow" checked /></td><td><input type="checkbox" name="CanAssign" checked /></td><td><input type="checkbox" name="CanEdit" checked /></td><td><input type="checkbox" name="CanRemove" checked /></td></tr>');
+                                        $record.attr('data-subjectid', subject.Id);
+                                        $record.find('span').text(subject.Name + ' ' + subject.Id);
+                                        $record.find('i.type').addClass(subject.Type === 'role' ? 'fa-lock' : subject.IsGroup ? 'fa-users' : 'fa-user');
+                                        $record.find('input').val(subject.Id);
+                                        $tbody.append($record);
+                                        $input.val('');
+                                        $input.focus();
+                                    });
+
+                                    const $records = $tbody.find('tr');
+                                    for (var i = 0; i < $records.length; i++) {
+                                        const $record = $($records[i]);
+                                        const body = new FormData();
+                                        body.append('id', $record.attr('data-subjectid'));
+                                        const response = await fetch($add.attr('data-subjecturl'), {
+                                            body: body,
+                                            method: 'POST'
+                                        });
+                                        if (response.ok) {
+                                            const subject = await response.json();
+                                            if (subject) {
+                                                $record.find('span').text(subject.Name + ' ' + subject.Id);
+                                                $record.find('i.type').addClass(subject.Type === 'role' ? 'fa-lock' : subject.IsGroup ? 'fa-users' : 'fa-user');
+                                                continue;
+                                            }
+                                        }
+                                        $record.remove();
+                                    }
+                                    originalInherit = $inherit.prop('checked');
+                                    originalSubjects = $tbody.html();
+                                    $dialog.dialog('open');
+                                } else {
+                                    $dialog.dialog('open');
+                                }
+                            });
+                        });
+                    </script>
+                }
+                <div class="info-box">
+                    <p class="fa-p">
+                        <i class="fa fa-fw fa-info-circle"></i> Flag actions are normally authorized globally by
+                        @if (Authorization.Has(Claims.DiscoAdminAccount))
+                        {
+                            <span><a href="@Url.Action(MVC.Config.AuthorizationRole.Index(null))">Authorization Roles</a>.</span>
+                        }
+                        else
+                        {
+                            <span>Authorization Roles.</span>
+                        }
+                        Overriding individual flag permissions allows for targeted authorization.
+                    </p>
+                </div>
+            </td>
+        </tr>
         <tr class="Config_HideAdvanced_Item">
             <th>
                 On Assignment<br />Expression:
diff --git a/Disco.Web/Areas/Config/Views/DeviceFlag/Show.generated.cs b/Disco.Web/Areas/Config/Views/DeviceFlag/Show.generated.cs
index eeebef49..c22c1ba0 100644
--- a/Disco.Web/Areas/Config/Views/DeviceFlag/Show.generated.cs
+++ b/Disco.Web/Areas/Config/Views/DeviceFlag/Show.generated.cs
@@ -76,6 +76,7 @@ namespace Disco.Web.Areas.Config.Views.DeviceFlag
     var canExportAll = Model.TotalAssignmentCount > 0 && Authorization.Has(Claims.Config.DeviceFlag.Export);
 
     var hideAdvanced =
+        Model.Permission.IsDefault() &&
         Model.DeviceFlag.DevicesLinkedGroup == null &&
         Model.DeviceFlag.DeviceUsersLinkedGroup == null &&
         Model.DeviceFlag.OnAssignmentExpression == null &&
@@ -90,15 +91,15 @@ WriteLiteral("\r\n<div");
 
 WriteLiteral(" id=\"Config_DeviceFlags_Show\"");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 1478), Tuple.Create("\"", 1537)
-, Tuple.Create(Tuple.Create("", 1486), Tuple.Create("form", 1486), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 1519), Tuple.Create("\"", 1578)
+, Tuple.Create(Tuple.Create("", 1527), Tuple.Create("form", 1527), true)
             
-            #line 25 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-, Tuple.Create(Tuple.Create("", 1490), Tuple.Create<System.Object, System.Int32>(hideAdvanced ? " Config_HideAdvanced" : null
+            #line 26 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+, Tuple.Create(Tuple.Create("", 1531), Tuple.Create<System.Object, System.Int32>(hideAdvanced ? " Config_HideAdvanced" : null
             
             #line default
             #line hidden
-, 1490), false)
+, 1531), false)
 );
 
 WriteLiteral(" style=\"width: 550px\"");
@@ -112,7 +113,7 @@ WriteLiteral(">\r\n                Id:\r\n            </th>\r\n            <td>\
 WriteLiteral("                ");
 
             
-            #line 32 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 33 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
            Write(Html.DisplayFor(model => model.DeviceFlag.Id));
 
             
@@ -122,61 +123,62 @@ WriteLiteral("\r\n            </td>\r\n        </tr>\r\n        <tr>\r\n
 "   Name:\r\n            </th>\r\n            <td>\r\n");
 
             
-            #line 40 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 41 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 40 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 41 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                  if (canConfig)
                 {
-            
-            #line default
-            #line hidden
-            
-            #line 41 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-            Write(Html.EditorFor(model => model.DeviceFlag.Name));
-
-            
-            #line default
-            #line hidden
-            
-            #line 41 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-                                                                
-                
-            
-            #line default
-            #line hidden
-            
-            #line 42 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-           Write(AjaxHelpers.AjaxSave());
-
-            
-            #line default
-            #line hidden
-            
-            #line 42 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-                                       
-                
+                    
             
             #line default
             #line hidden
             
             #line 43 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-           Write(AjaxHelpers.AjaxLoader());
+               Write(Html.EditorFor(model => model.DeviceFlag.Name));
 
             
             #line default
             #line hidden
             
             #line 43 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-                                         
+                                                                   
+                    
+            
+            #line default
+            #line hidden
+            
+            #line 44 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+               Write(AjaxHelpers.AjaxSave());
 
             
             #line default
             #line hidden
-WriteLiteral("                <script");
+            
+            #line 44 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                           
+                    
+            
+            #line default
+            #line hidden
+            
+            #line 45 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+               Write(AjaxHelpers.AjaxLoader());
+
+            
+            #line default
+            #line hidden
+            
+            #line 45 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                             
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                    <script");
 
 WriteLiteral(" type=\"text/javascript\"");
 
@@ -188,35 +190,35 @@ WriteLiteral(@">
                                 '");
 
             
-            #line 49 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 51 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                              Write(Url.Action(MVC.API.DeviceFlag.UpdateName(Model.DeviceFlag.Id)));
 
             
             #line default
             #line hidden
 WriteLiteral("\',\r\n                                \'FlagName\'\r\n                            );\r\n " +
-"                       });\r\n                </script>\r\n");
+"                       });\r\n                    </script>\r\n");
 
             
-            #line 54 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-            }
-            else
-            {
-                
+            #line 56 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                }
+                else
+                {
+                    
             
             #line default
             #line hidden
             
-            #line 57 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-           Write(Model.DeviceFlag.Name);
+            #line 59 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+               Write(Model.DeviceFlag.Name);
 
             
             #line default
             #line hidden
             
-            #line 57 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-                                      
-            }
+            #line 59 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                          
+                }
 
             
             #line default
@@ -225,55 +227,55 @@ WriteLiteral("            </td>\r\n        </tr>\r\n        <tr>\r\n
 " Description:\r\n            </th>\r\n            <td>\r\n");
 
             
-            #line 66 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 68 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 66 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 68 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                  if (canConfig)
                 {
             
             #line default
             #line hidden
             
-            #line 67 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 69 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
             Write(Html.EditorFor(model => model.DeviceFlag.Description));
 
             
             #line default
             #line hidden
             
-            #line 67 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 69 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                        
                 
             
             #line default
             #line hidden
             
-            #line 68 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 70 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
            Write(AjaxHelpers.AjaxSave());
 
             
             #line default
             #line hidden
             
-            #line 68 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 70 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                        
                 
             
             #line default
             #line hidden
             
-            #line 69 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 71 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
            Write(AjaxHelpers.AjaxLoader());
 
             
             #line default
             #line hidden
             
-            #line 69 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 71 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                          
 
             
@@ -291,7 +293,7 @@ WriteLiteral(@">
                                 '");
 
             
-            #line 75 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 77 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                              Write(Url.Action(MVC.API.DeviceFlag.UpdateDescription(Model.DeviceFlag.Id)));
 
             
@@ -301,7 +303,7 @@ WriteLiteral("\',\r\n                                \'Description\'\r\n
 "\r\n                        });\r\n                </script>\r\n");
 
             
-            #line 80 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 82 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
             }
             else
             {
@@ -312,13 +314,13 @@ WriteLiteral("\',\r\n                                \'Description\'\r\n
 WriteLiteral("                <pre>\r\n");
 
             
-            #line 84 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 86 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 84 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 86 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                      if (string.IsNullOrEmpty(Model.DeviceFlag.Description))
                     {
 
@@ -332,7 +334,7 @@ WriteLiteral("&lt;None&gt;");
 WriteLiteral("\r\n");
 
             
-            #line 87 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 89 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                     }
                     else
                     {
@@ -341,14 +343,14 @@ WriteLiteral("\r\n");
             #line default
             #line hidden
             
-            #line 90 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 92 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                    Write(Model.DeviceFlag.Description.ToHtmlComment());
 
             
             #line default
             #line hidden
             
-            #line 90 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 92 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                      
                     }
 
@@ -358,7 +360,7 @@ WriteLiteral("\r\n");
 WriteLiteral("                    </pre>\r\n");
 
             
-            #line 93 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 95 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
             }
 
             
@@ -369,7 +371,7 @@ WriteLiteral("            </td>\r\n        </tr>\r\n        <tr>\r\n
 "");
 
             
-            #line 101 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 103 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                         Write(Model.CurrentAssignmentCount);
 
             
@@ -378,7 +380,7 @@ WriteLiteral("            </td>\r\n        </tr>\r\n        <tr>\r\n
 WriteLiteral(" device");
 
             
-            #line 101 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 103 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                              Write(Model.CurrentAssignmentCount != 1 ? "s" : null);
 
             
@@ -387,7 +389,7 @@ WriteLiteral(" device");
 WriteLiteral(" currently assigned</strong></div>\r\n                <div>");
 
             
-            #line 102 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 104 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                 Write(Model.TotalAssignmentCount);
 
             
@@ -396,7 +398,7 @@ WriteLiteral(" currently assigned</strong></div>\r\n                <div>");
 WriteLiteral(" total device historical assignment");
 
             
-            #line 102 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 104 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                                Write(Model.TotalAssignmentCount != 1 ? "s" : null);
 
             
@@ -410,7 +412,7 @@ WriteLiteral(" id=\"Config_DeviceFlags_Icon\"");
 WriteLiteral(" data-icon=\"");
 
             
-            #line 110 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 112 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                        Write(Model.DeviceFlag.Icon);
 
             
@@ -421,7 +423,7 @@ WriteLiteral("\"");
 WriteLiteral(" data-colour=\"");
 
             
-            #line 110 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 112 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                                               Write(Model.DeviceFlag.IconColour);
 
             
@@ -429,37 +431,37 @@ WriteLiteral(" data-colour=\"");
             #line hidden
 WriteLiteral("\"");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 4620), Tuple.Create("\"", 4697)
-, Tuple.Create(Tuple.Create("", 4628), Tuple.Create("fa", 4628), true)
-, Tuple.Create(Tuple.Create(" ", 4630), Tuple.Create("fa-", 4631), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 4719), Tuple.Create("\"", 4796)
+, Tuple.Create(Tuple.Create("", 4727), Tuple.Create("fa", 4727), true)
+, Tuple.Create(Tuple.Create(" ", 4729), Tuple.Create("fa-", 4730), true)
             
-            #line 110 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-                                                                , Tuple.Create(Tuple.Create("", 4634), Tuple.Create<System.Object, System.Int32>(Model.DeviceFlag.Icon
+            #line 112 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                , Tuple.Create(Tuple.Create("", 4733), Tuple.Create<System.Object, System.Int32>(Model.DeviceFlag.Icon
             
             #line default
             #line hidden
-, 4634), false)
-, Tuple.Create(Tuple.Create(" ", 4658), Tuple.Create("fa-4x", 4659), true)
-, Tuple.Create(Tuple.Create(" ", 4664), Tuple.Create("d-", 4665), true)
+, 4733), false)
+, Tuple.Create(Tuple.Create(" ", 4757), Tuple.Create("fa-4x", 4758), true)
+, Tuple.Create(Tuple.Create(" ", 4763), Tuple.Create("d-", 4764), true)
             
-            #line 110 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-                                                                                                 , Tuple.Create(Tuple.Create("", 4667), Tuple.Create<System.Object, System.Int32>(Model.DeviceFlag.IconColour
+            #line 112 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                                                 , Tuple.Create(Tuple.Create("", 4766), Tuple.Create<System.Object, System.Int32>(Model.DeviceFlag.IconColour
             
             #line default
             #line hidden
-, 4667), false)
+, 4766), false)
 );
 
 WriteLiteral("></i>\r\n");
 
             
-            #line 111 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 113 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 111 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 113 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                  if (canConfig)
                 {
 
@@ -485,13 +487,13 @@ WriteLiteral(" title=\"Device Flag Icon\"");
 WriteLiteral(">\r\n");
 
             
-            #line 116 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 118 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 116 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 118 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                              using (Html.BeginForm(MVC.API.DeviceFlag.UpdateIconAndColour(id: Model.DeviceFlag.Id, redirect: true)))
                             {
                                 
@@ -499,14 +501,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 118 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 120 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                            Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 118 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 120 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                         
 
             
@@ -529,7 +531,7 @@ WriteLiteral(" name=\"iconColour\"");
 WriteLiteral(" />\r\n");
 
             
-            #line 121 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 123 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                             }
 
             
@@ -542,13 +544,13 @@ WriteLiteral(" class=\"colours\"");
 WriteLiteral(">\r\n");
 
             
-            #line 124 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 126 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                     
             
             #line default
             #line hidden
             
-            #line 124 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 126 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                      foreach (var colour in Model.ThemeColours)
                                     {
 
@@ -560,7 +562,7 @@ WriteLiteral("                                        <i");
 WriteLiteral(" data-colour=\"");
 
             
-            #line 126 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 128 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                     Write(colour.Key);
 
             
@@ -568,33 +570,33 @@ WriteLiteral(" data-colour=\"");
             #line hidden
 WriteLiteral("\"");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 5681), Tuple.Create("\"", 5717)
-, Tuple.Create(Tuple.Create("", 5689), Tuple.Create("fa", 5689), true)
-, Tuple.Create(Tuple.Create(" ", 5691), Tuple.Create("fa-square", 5692), true)
-, Tuple.Create(Tuple.Create(" ", 5701), Tuple.Create("d-", 5702), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 5780), Tuple.Create("\"", 5816)
+, Tuple.Create(Tuple.Create("", 5788), Tuple.Create("fa", 5788), true)
+, Tuple.Create(Tuple.Create(" ", 5790), Tuple.Create("fa-square", 5791), true)
+, Tuple.Create(Tuple.Create(" ", 5800), Tuple.Create("d-", 5801), true)
             
-            #line 126 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-              , Tuple.Create(Tuple.Create("", 5704), Tuple.Create<System.Object, System.Int32>(colour.Key
+            #line 128 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+              , Tuple.Create(Tuple.Create("", 5803), Tuple.Create<System.Object, System.Int32>(colour.Key
             
             #line default
             #line hidden
-, 5704), false)
+, 5803), false)
 );
 
-WriteAttribute("title", Tuple.Create(" title=\"", 5718), Tuple.Create("\"", 5739)
+WriteAttribute("title", Tuple.Create(" title=\"", 5817), Tuple.Create("\"", 5838)
             
-            #line 126 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-                                   , Tuple.Create(Tuple.Create("", 5726), Tuple.Create<System.Object, System.Int32>(colour.Value
+            #line 128 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                   , Tuple.Create(Tuple.Create("", 5825), Tuple.Create<System.Object, System.Int32>(colour.Value
             
             #line default
             #line hidden
-, 5726), false)
+, 5825), false)
 );
 
 WriteLiteral("></i>\r\n");
 
             
-            #line 127 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 129 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                     }
 
             
@@ -607,13 +609,13 @@ WriteLiteral(" class=\"icons\"");
 WriteLiteral(">\r\n");
 
             
-            #line 130 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 132 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                     
             
             #line default
             #line hidden
             
-            #line 130 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 132 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                      foreach (var icon in Model.Icons)
                                     {
 
@@ -625,7 +627,7 @@ WriteLiteral("                                        <i");
 WriteLiteral(" data-icon=\"");
 
             
-            #line 132 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 134 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                   Write(icon.Key);
 
             
@@ -633,32 +635,32 @@ WriteLiteral(" data-icon=\"");
             #line hidden
 WriteLiteral("\"");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 6056), Tuple.Create("\"", 6081)
-, Tuple.Create(Tuple.Create("", 6064), Tuple.Create("fa", 6064), true)
-, Tuple.Create(Tuple.Create(" ", 6066), Tuple.Create("fa-", 6067), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 6155), Tuple.Create("\"", 6180)
+, Tuple.Create(Tuple.Create("", 6163), Tuple.Create("fa", 6163), true)
+, Tuple.Create(Tuple.Create(" ", 6165), Tuple.Create("fa-", 6166), true)
             
-            #line 132 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
- , Tuple.Create(Tuple.Create("", 6070), Tuple.Create<System.Object, System.Int32>(icon.Key
+            #line 134 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+ , Tuple.Create(Tuple.Create("", 6169), Tuple.Create<System.Object, System.Int32>(icon.Key
             
             #line default
             #line hidden
-, 6070), false)
+, 6169), false)
 );
 
-WriteAttribute("title", Tuple.Create(" title=\"", 6082), Tuple.Create("\"", 6101)
+WriteAttribute("title", Tuple.Create(" title=\"", 6181), Tuple.Create("\"", 6200)
             
-            #line 132 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
-                    , Tuple.Create(Tuple.Create("", 6090), Tuple.Create<System.Object, System.Int32>(icon.Value
+            #line 134 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                    , Tuple.Create(Tuple.Create("", 6189), Tuple.Create<System.Object, System.Int32>(icon.Value
             
             #line default
             #line hidden
-, 6090), false)
+, 6189), false)
 );
 
 WriteLiteral("></i>\r\n");
 
             
-            #line 133 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 135 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                     }
 
             
@@ -716,7 +718,7 @@ WriteLiteral("                                </div>\r\n
 "       }());\r\n                        </script>\r\n                    </div>\r\n");
 
             
-            #line 210 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 212 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                 }
 
             
@@ -725,13 +727,13 @@ WriteLiteral("                                </div>\r\n
 WriteLiteral("            </td>\r\n        </tr>\r\n");
 
             
-            #line 213 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 215 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
         
             
             #line default
             #line hidden
             
-            #line 213 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 215 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
          if (hideAdvanced)
         {
 
@@ -765,7 +767,7 @@ WriteLiteral(@">Show Advanced Options</button>
 ");
 
             
-            #line 229 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 231 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
         }
 
             
@@ -775,17 +777,1007 @@ WriteLiteral("        <tr");
 
 WriteLiteral(" class=\"Config_HideAdvanced_Item\"");
 
-WriteLiteral(">\r\n            <th>\r\n                On Assignment<br />Expression:\r\n            " +
-"</th>\r\n            <td>\r\n");
+WriteLiteral(">\r\n            <th>\r\n                Assignment Permission<br />\r\n               " +
+" Override:\r\n            </th>\r\n            <td>\r\n");
 
             
-            #line 235 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 238 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 235 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 238 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                 if (!Model.Permission.IsDefault())
+                {
+                    var permission = Model.Permission;
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                    <div>\r\n");
+
+            
+            #line 242 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                        
+            
+            #line default
+            #line hidden
+            
+            #line 242 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                         if (permission.Inherit)
+                        {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <span><i");
+
+WriteLiteral(" class=\"fa fa-check-square-o\"");
+
+WriteLiteral("></i> Inheriting from Authorization Roles</span>\r\n");
+
+            
+            #line 245 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                        }
+                        else
+                        {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <span><i");
+
+WriteLiteral(" class=\"fa fa-square-o\"");
+
+WriteLiteral("></i> Authorization Roles are Ignored</span>\r\n");
+
+            
+            #line 249 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                        }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                    </div>\r\n");
+
+            
+            #line 251 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                    if (!permission.HasSubjects())
+                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                        <span");
+
+WriteLiteral(" class=\"smallMessage\"");
+
+WriteLiteral(">There are no users/groups associated with this permission override</span>\r\n");
+
+            
+            #line 254 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                    }
+                    else
+                    {
+                        if (permission.IsSimple())
+                        {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <table");
+
+WriteLiteral(" class=\"tableData\"");
+
+WriteLiteral(@">
+                                <thead>
+                                    <tr>
+                                        <th>Users/Groups/Roles</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+");
+
+            
+            #line 266 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                    
+            
+            #line default
+            #line hidden
+            
+            #line 266 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                     foreach (var subjectId in permission.CanShowSubjectIds)
+                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                        <tr>\r\n                                   " +
+"         <td>\r\n");
+
+            
+            #line 270 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                
+            
+            #line default
+            #line hidden
+            
+            #line 270 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                  
+                                                    int roleId;
+                                                    if (subjectId.StartsWith("[") && int.TryParse(subjectId.Trim('[', ']'), out roleId))
+                                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                        <span>");
+
+            
+            #line 274 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                         Write(Disco.Services.Users.UserService.GetAuthorizationRoleName(roleId));
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" ");
+
+            
+            #line 274 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                                                                            Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("</span>\r\n");
+
+            
+            #line 275 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                    }
+                                                    else
+                                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                        <span>");
+
+            
+            #line 278 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                         Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("</span>\r\n");
+
+            
+            #line 279 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                    }
+                                                
+            
+            #line default
+            #line hidden
+WriteLiteral("\r\n                                            </td>\r\n                            " +
+"            </tr>\r\n");
+
+            
+            #line 283 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                    }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                </tbody>\r\n                            </table>\r\n");
+
+WriteLiteral("                            <div");
+
+WriteLiteral(" class=\"info-box\"");
+
+WriteLiteral(">\r\n                                <p");
+
+WriteLiteral(" class=\"fa-p\"");
+
+WriteLiteral(">\r\n                                    <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-info-circle\"");
+
+WriteLiteral("></i> All users/groups/roles can view, assign, edit assignments, and remove assig" +
+"nments for this flag.\r\n                                </p>\r\n                   " +
+"         </div>\r\n");
+
+            
+            #line 291 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                        }
+                        else
+                        {
+                            var subjects = permission.AllSubjects();
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <table");
+
+WriteLiteral(" class=\"tableData\"");
+
+WriteLiteral(@">
+                                <thead>
+                                    <tr>
+                                        <th>Users/Groups/Roles</th>
+                                        <th>View</th>
+                                        <th>Assign</th>
+                                        <th>Edit</th>
+                                        <th>Remove</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+");
+
+            
+            #line 306 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                    
+            
+            #line default
+            #line hidden
+            
+            #line 306 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                     foreach (var subjectId in subjects.OrderBy(s => s))
+                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                        <tr>\r\n                                   " +
+"         <td>\r\n                                                <i");
+
+WriteLiteral(" class=\"fa\"");
+
+WriteLiteral("></i> ");
+
+            
+            #line 310 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                     
+                                                    int roleId;
+                                                    if (subjectId.StartsWith("[") && int.TryParse(subjectId.Trim('[', ']'), out roleId))
+                                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                        <span>");
+
+            
+            #line 314 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                         Write(Disco.Services.Users.UserService.GetAuthorizationRoleName(roleId));
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" ");
+
+            
+            #line 314 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                                                                            Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("</span>\r\n");
+
+            
+            #line 315 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                    }
+                                                    else
+                                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                        <span>");
+
+            
+            #line 318 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                         Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("</span>\r\n");
+
+            
+            #line 319 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                    }
+                                                
+            
+            #line default
+            #line hidden
+WriteLiteral("\r\n                                            </td>\r\n                            " +
+"                <td>\r\n");
+
+            
+            #line 323 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                
+            
+            #line default
+            #line hidden
+            
+            #line 323 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                 if (permission.CanShowSubjectIds.Contains(subjectId))
+                                                {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                    <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-check\"");
+
+WriteLiteral("></i>\r\n");
+
+            
+            #line 326 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                            </td>\r\n                              " +
+"              <td>\r\n");
+
+            
+            #line 329 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                
+            
+            #line default
+            #line hidden
+            
+            #line 329 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                 if (permission.CanAssignSubjectIds.Contains(subjectId))
+                                                {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                    <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-check\"");
+
+WriteLiteral("></i>\r\n");
+
+            
+            #line 332 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                            </td>\r\n                              " +
+"              <td>\r\n");
+
+            
+            #line 335 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                
+            
+            #line default
+            #line hidden
+            
+            #line 335 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                 if (permission.CanEditSubjectIds.Contains(subjectId))
+                                                {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                    <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-check\"");
+
+WriteLiteral("></i>\r\n");
+
+            
+            #line 338 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                            </td>\r\n                              " +
+"              <td>\r\n");
+
+            
+            #line 341 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                
+            
+            #line default
+            #line hidden
+            
+            #line 341 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                 if (permission.CanRemoveSubjectIds.Contains(subjectId))
+                                                {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                    <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-check\"");
+
+WriteLiteral("></i>\r\n");
+
+            
+            #line 344 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                            </td>\r\n                              " +
+"          </tr>\r\n");
+
+            
+            #line 347 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                    }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                </tbody>\r\n                            </table>\r\n");
+
+            
+            #line 350 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                        }
+
+                    }
+                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                ");
+
+            
+            #line 354 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                 if (canConfig)
+                {
+                    var permission = Model.Permission;
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                    <button");
+
+WriteLiteral(" id=\"Config_Flag_Permission_Edit\"");
+
+WriteLiteral(" class=\"button small\"");
+
+WriteLiteral(">");
+
+            
+            #line 357 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                              Write(permission.IsDefault() ? "Override" : "Edit");
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" Permission</button>\r\n");
+
+            
+            #line 358 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                    <div");
+
+WriteLiteral(" id=\"Config_Flag_Permissions\"");
+
+WriteLiteral(" class=\"dialog\"");
+
+WriteLiteral(" title=\"Flag Assignment Permission Override\"");
+
+WriteLiteral(">\r\n");
+
+            
+            #line 360 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                        
+            
+            #line default
+            #line hidden
+            
+            #line 360 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                         using (Html.BeginForm(MVC.API.DeviceFlag.Permission(Model.DeviceFlag.Id)))
+                        {
+                            
+            
+            #line default
+            #line hidden
+            
+            #line 362 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                       Write(Html.AntiForgeryToken());
+
+            
+            #line default
+            #line hidden
+            
+            #line 362 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                    
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <input");
+
+WriteLiteral(" type=\"hidden\"");
+
+WriteLiteral(" name=\"IsOverride\"");
+
+WriteLiteral(" value=\"true\"");
+
+WriteLiteral(" />\r\n");
+
+WriteLiteral("                            <div");
+
+WriteLiteral(" id=\"Config_Flag_Permissions_Inherit_Container\"");
+
+WriteLiteral(">\r\n                                <label>\r\n                                    <" +
+"input");
+
+WriteLiteral(" id=\"Config_Flag_Permissions_Inherit\"");
+
+WriteLiteral(" type=\"checkbox\"");
+
+WriteLiteral(" name=\"Inherit\"");
+
+WriteLiteral(" value=\"true\"");
+
+WriteLiteral(" ");
+
+            
+            #line 366 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                                                                        Write(permission.Inherit ? "checked" : null);
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" /> Inherit Authorization from Authorization Roles\r\n                             " +
+"   </label>\r\n                            </div>\r\n");
+
+WriteLiteral("                            <div");
+
+WriteLiteral(" class=\"tableDataContainer\"");
+
+WriteLiteral(">\r\n                                <table");
+
+WriteLiteral(" class=\"tableData\"");
+
+WriteLiteral(@">
+                                    <thead>
+                                        <tr>
+                                            <th>User/Group/Role</th>
+                                            <th>View</th>
+                                            <th>Assign</th>
+                                            <th>Edit</th>
+                                            <th>Remove</th>
+                                        </tr>
+                                    </thead>
+                                    <tbody>
+");
+
+            
+            #line 381 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                        
+            
+            #line default
+            #line hidden
+            
+            #line 381 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                          
+                                            var subjects = permission.AllSubjects();
+
+                                            foreach (var subjectId in subjects.OrderBy(s => s))
+                                            {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                <tr");
+
+WriteLiteral(" data-subjectid=\"");
+
+            
+            #line 386 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                               Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("\"");
+
+WriteLiteral(">\r\n                                                    <td><i");
+
+WriteLiteral(" class=\"fa type\"");
+
+WriteLiteral("></i> <span>");
+
+            
+            #line 387 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                                 Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("</span><i");
+
+WriteLiteral(" class=\"fa fa-times-circle remove\"");
+
+WriteLiteral("></i></td>\r\n                                                    <td>\r\n           " +
+"                                             <input");
+
+WriteLiteral(" type=\"checkbox\"");
+
+WriteLiteral(" name=\"CanShow\"");
+
+WriteAttribute("value", Tuple.Create(" value=\"", 20122), Tuple.Create("\"", 20140)
+            
+            #line 389 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                    , Tuple.Create(Tuple.Create("", 20130), Tuple.Create<System.Object, System.Int32>(subjectId
+            
+            #line default
+            #line hidden
+, 20130), false)
+);
+
+WriteLiteral(" ");
+
+            
+            #line 389 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                                                             Write(permission.CanShowSubjectIds.Contains(subjectId) ? " checked" : null);
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" />\r\n                                                    </td>\r\n                 " +
+"                                   <td>\r\n                                       " +
+"                 <input");
+
+WriteLiteral(" type=\"checkbox\"");
+
+WriteLiteral(" name=\"CanAssign\"");
+
+WriteAttribute("value", Tuple.Create(" value=\"", 20430), Tuple.Create("\"", 20448)
+            
+            #line 392 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                      , Tuple.Create(Tuple.Create("", 20438), Tuple.Create<System.Object, System.Int32>(subjectId
+            
+            #line default
+            #line hidden
+, 20438), false)
+);
+
+WriteLiteral(" ");
+
+            
+            #line 392 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                                                               Write(permission.CanAssignSubjectIds.Contains(subjectId) ? " checked" : null);
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" />\r\n                                                    </td>\r\n                 " +
+"                                   <td>\r\n                                       " +
+"                 <input");
+
+WriteLiteral(" type=\"checkbox\"");
+
+WriteLiteral(" name=\"CanEdit\"");
+
+WriteAttribute("value", Tuple.Create(" value=\"", 20738), Tuple.Create("\"", 20756)
+            
+            #line 395 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                    , Tuple.Create(Tuple.Create("", 20746), Tuple.Create<System.Object, System.Int32>(subjectId
+            
+            #line default
+            #line hidden
+, 20746), false)
+);
+
+WriteLiteral(" ");
+
+            
+            #line 395 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                                                             Write(permission.CanEditSubjectIds.Contains(subjectId) ? " checked" : null);
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" />\r\n                                                    </td>\r\n                 " +
+"                                   <td>\r\n                                       " +
+"                 <input");
+
+WriteLiteral(" type=\"checkbox\"");
+
+WriteLiteral(" name=\"CanRemove\"");
+
+WriteAttribute("value", Tuple.Create(" value=\"", 21046), Tuple.Create("\"", 21064)
+            
+            #line 398 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                      , Tuple.Create(Tuple.Create("", 21054), Tuple.Create<System.Object, System.Int32>(subjectId
+            
+            #line default
+            #line hidden
+, 21054), false)
+);
+
+WriteLiteral(" ");
+
+            
+            #line 398 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                                                               Write(permission.CanRemoveSubjectIds.Contains(subjectId) ? " checked" : null);
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" />\r\n                                                    </td>\r\n                 " +
+"                               </tr>\r\n");
+
+            
+            #line 401 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                            }
+                                        
+            
+            #line default
+            #line hidden
+WriteLiteral("\r\n                                    </tbody>\r\n                                <" +
+"/table>\r\n                            </div>\r\n");
+
+WriteLiteral("                            <div>\r\n                                <input");
+
+WriteLiteral(" type=\"text\"");
+
+WriteLiteral(" id=\"Config_Flag_Permissions_Subject_Input\"");
+
+WriteLiteral(" placeholder=\"Search Users/Groups/Roles\"");
+
+WriteLiteral(" data-autocompleteurl=\"");
+
+            
+            #line 407 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                                                                                                        Write(Url.Action(MVC.API.System.SearchSubjects(null, includeAuthorizationRoles: true)));
+
+            
+            #line default
+            #line hidden
+WriteLiteral("\"");
+
+WriteLiteral(" />\r\n                                <button");
+
+WriteLiteral(" type=\"button\"");
+
+WriteLiteral(" id=\"Config_Flag_Permissions_Subject_Add\"");
+
+WriteLiteral(" class=\"button small\"");
+
+WriteLiteral(" data-subjecturl=\"");
+
+            
+            #line 408 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                                                                                                                                Write(Url.Action(MVC.API.System.Subject(null, includeAuthorizationRoles: true)));
+
+            
+            #line default
+            #line hidden
+WriteLiteral("\"");
+
+WriteLiteral(">Add</button>\r\n                            </div>\r\n");
+
+            
+            #line 410 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                        }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                    </div>\r\n");
+
+WriteLiteral("                    <script>\r\n                        $(function () {\r\n          " +
+"                  let $dialog = null;\r\n                            let originalS" +
+"ubjects = null;\r\n                            let originalInherit = null;\r\n      " +
+"                      $(\'#Config_Flag_Permission_Edit\').on(\'click\', async functi" +
+"on () {\r\n                                if (!$dialog) {\r\n                      " +
+"              $dialog = $(\'#Config_Flag_Permissions\');\r\n                        " +
+"            const $tbody = $dialog.find(\'tbody\');\r\n                             " +
+"       const $inherit = $dialog.find(\'#Config_Flag_Permissions_Inherit\');\r\n     " +
+"                               const $input = $dialog.find(\'#Config_Flag_Permiss" +
+"ions_Subject_Input\');\r\n                                    const $add = $dialog." +
+"find(\'#Config_Flag_Permissions_Subject_Add\');\r\n\r\n                               " +
+"     $dialog.dialog({\r\n                                        resizable: false," +
+"\r\n                                        modal: true,\r\n                        " +
+"                autoOpen: false,\r\n                                        width:" +
+" 550,\r\n                                        height: 420,\r\n                   " +
+"                     buttons: {\r\n                                            Can" +
+"cel: function () {\r\n                                                $(this).dial" +
+"og(\'close\');\r\n                                                $tbody.html(origin" +
+"alSubjects);\r\n                                                $inherit.prop(\'che" +
+"cked\', originalInherit);\r\n                                            },\r\n      " +
+"                                      \'Remove Override\': function () {\r\n        " +
+"                                        const $this = $(this);\r\n                " +
+"                                $(this).dialog(\'option\', \'buttons\', null);\r\n    " +
+"                                            $this.find(\'input[name=\"IsOverride\"]" +
+"\').val(\'false\');\r\n                                                $this.find(\'fo" +
+"rm\').trigger(\'submit\');\r\n                                            },\r\n       " +
+"                                     \'Save Changes\': function () {\r\n            " +
+"                                    $(this).dialog(\'option\', \'buttons\', null);\r\n" +
+"                                                $(this).find(\'form\').trigger(\'su" +
+"bmit\');\r\n                                            }\r\n                        " +
+"                }\r\n                                    });\r\n\r\n                  " +
+"                  $tbody.on(\'click\', \'i.remove\', function () {\r\n                " +
+"                        $(this).closest(\'tr\').remove();\r\n                       " +
+"             });\r\n\r\n                                    $input\r\n                " +
+"                        .autocomplete({\r\n                                       " +
+"     source: $input.attr(\'data-autocompleteurl\'),\r\n                             " +
+"               minLength: 2,\r\n                                            focus:" +
+" function (e, ui) {\r\n                                                $input.val(" +
+"ui.item.Id);\r\n                                                return false;\r\n   " +
+"                                         },\r\n                                   " +
+"         select: function (e, ui) {\r\n                                           " +
+"     $input.val(ui.item.Id).blur();\r\n                                           " +
+"     $add.trigger(\'click\');\r\n                                                $in" +
+"put.val(\'\');\r\n                                                return false;\r\n   " +
+"                                         }\r\n                                    " +
+"    }).data(\'ui-autocomplete\')._renderItem = function (ul, item) {\r\n            " +
+"                                return $(\"<li></li>\")\r\n                         " +
+"                       .data(\'item.autocomplete\', item)\r\n                       " +
+"                         .append(\'<a><strong>\' + item.Name + \'</strong><br>\' + i" +
+"tem.Id + \' (\' + item.Type + \')</a>\')\r\n                                          " +
+"      .appendTo(ul);\r\n                                        };\r\n\r\n            " +
+"                        $add.on(\'click\', async function () {\r\n                  " +
+"                      const value = $input.val();\r\n                             " +
+"           if (!value) {\r\n                                            $input.foc" +
+"us();\r\n                                            return;\r\n                    " +
+"                    }\r\n                                        const existing = " +
+"$tbody.find(\'tr\').filter(function () {\r\n                                        " +
+"    return $(this).attr(\'data-subjectid\') === value;\r\n                          " +
+"              });\r\n                                        if (existing.length !" +
+"== 0) {\r\n                                            $input.val(\'\');\r\n          " +
+"                                  $input.focus();\r\n                             " +
+"               return;\r\n                                        }\r\n\r\n           " +
+"                             const body = new FormData();\r\n                     " +
+"                   body.append(\'id\', value);\r\n                                  " +
+"      const response = await fetch($add.attr(\'data-subjecturl\'), {\r\n            " +
+"                                body: body,\r\n                                   " +
+"         method: \'POST\'\r\n                                        });\r\n\r\n        " +
+"                                if (!response.ok) {\r\n                           " +
+"                 alert(\'Unable to lookup User/Group/Role: \' + response.statusTex" +
+"t);\r\n                                            $input.focus();\r\n              " +
+"                              return;\r\n                                        }" +
+"\r\n\r\n                                        const subject = await response.json(" +
+");\r\n\r\n                                        if (!subject) {\r\n                 " +
+"                           alert(\'Invalid User/Group/Role\');\r\n                  " +
+"                          $input.focus();\r\n                                     " +
+"       return;\r\n                                        }\r\n\r\n                   " +
+"                     const $record = $(\'<tr><td><i class=\"fa type\"></i> <span></" +
+"span><i class=\"fa fa-times-circle remove\"></i></td><td><input type=\"checkbox\" na" +
+"me=\"CanShow\" checked /></td><td><input type=\"checkbox\" name=\"CanAssign\" checked " +
+"/></td><td><input type=\"checkbox\" name=\"CanEdit\" checked /></td><td><input type=" +
+"\"checkbox\" name=\"CanRemove\" checked /></td></tr>\');\r\n                           " +
+"             $record.attr(\'data-subjectid\', subject.Id);\r\n                      " +
+"                  $record.find(\'span\').text(subject.Name + \' \' + subject.Id);\r\n " +
+"                                       $record.find(\'i.type\').addClass(subject.T" +
+"ype === \'role\' ? \'fa-lock\' : subject.IsGroup ? \'fa-users\' : \'fa-user\');\r\n       " +
+"                                 $record.find(\'input\').val(subject.Id);\r\n       " +
+"                                 $tbody.append($record);\r\n                      " +
+"                  $input.val(\'\');\r\n                                        $inpu" +
+"t.focus();\r\n                                    });\r\n\r\n                         " +
+"           const $records = $tbody.find(\'tr\');\r\n                                " +
+"    for (var i = 0; i < $records.length; i++) {\r\n                               " +
+"         const $record = $($records[i]);\r\n                                      " +
+"  const body = new FormData();\r\n                                        body.app" +
+"end(\'id\', $record.attr(\'data-subjectid\'));\r\n                                    " +
+"    const response = await fetch($add.attr(\'data-subjecturl\'), {\r\n              " +
+"                              body: body,\r\n                                     " +
+"       method: \'POST\'\r\n                                        });\r\n            " +
+"                            if (response.ok) {\r\n                                " +
+"            const subject = await response.json();\r\n                            " +
+"                if (subject) {\r\n                                                " +
+"$record.find(\'span\').text(subject.Name + \' \' + subject.Id);\r\n                   " +
+"                             $record.find(\'i.type\').addClass(subject.Type === \'r" +
+"ole\' ? \'fa-lock\' : subject.IsGroup ? \'fa-users\' : \'fa-user\');\r\n                 " +
+"                               continue;\r\n                                      " +
+"      }\r\n                                        }\r\n                            " +
+"            $record.remove();\r\n                                    }\r\n          " +
+"                          originalInherit = $inherit.prop(\'checked\');\r\n         " +
+"                           originalSubjects = $tbody.html();\r\n                  " +
+"                  $dialog.dialog(\'open\');\r\n                                } els" +
+"e {\r\n                                    $dialog.dialog(\'open\');\r\n              " +
+"                  }\r\n                            });\r\n                        })" +
+";\r\n                    </script>\r\n");
+
+            
+            #line 549 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                <div");
+
+WriteLiteral(" class=\"info-box\"");
+
+WriteLiteral(">\r\n                    <p");
+
+WriteLiteral(" class=\"fa-p\"");
+
+WriteLiteral(">\r\n                        <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-info-circle\"");
+
+WriteLiteral("></i> Flag actions are normally authorized globally by\r\n");
+
+            
+            #line 553 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                        
+            
+            #line default
+            #line hidden
+            
+            #line 553 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                         if (Authorization.Has(Claims.DiscoAdminAccount))
+                        {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <span><a");
+
+WriteAttribute("href", Tuple.Create(" href=\"", 31330), Tuple.Create("\"", 31390)
+            
+            #line 555 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+, Tuple.Create(Tuple.Create("", 31337), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.Config.AuthorizationRole.Index(null))
+            
+            #line default
+            #line hidden
+, 31337), false)
+);
+
+WriteLiteral(">Authorization Roles</a>.</span>\r\n");
+
+            
+            #line 556 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                        }
+                        else
+                        {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <span>Authorization Roles.</span>\r\n");
+
+            
+            #line 560 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                        }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                        Overriding individual flag permissions allows for targete" +
+"d authorization.\r\n                    </p>\r\n                </div>\r\n            " +
+"</td>\r\n        </tr>\r\n        <tr");
+
+WriteLiteral(" class=\"Config_HideAdvanced_Item\"");
+
+WriteLiteral(">\r\n            <th>\r\n                On Assignment<br />Expression:\r\n            " +
+"</th>\r\n            <td>\r\n");
+
+            
+            #line 571 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+                
+            
+            #line default
+            #line hidden
+            
+            #line 571 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                  if (canConfig)
                 {
                     
@@ -793,56 +1785,56 @@ WriteLiteral(">\r\n            <th>\r\n                On Assignment<br />Expres
             #line default
             #line hidden
             
-            #line 237 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 573 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(Html.EditorFor(model => model.DeviceFlag.OnAssignmentExpression));
 
             
             #line default
             #line hidden
             
-            #line 237 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 573 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                                      
                     
             
             #line default
             #line hidden
             
-            #line 238 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 574 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxRemove());
 
             
             #line default
             #line hidden
             
-            #line 238 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 574 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                              
                     
             
             #line default
             #line hidden
             
-            #line 239 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 575 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxSave());
 
             
             #line default
             #line hidden
             
-            #line 239 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 575 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                            
                     
             
             #line default
             #line hidden
             
-            #line 240 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 576 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxLoader());
 
             
             #line default
             #line hidden
             
-            #line 240 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 576 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                              
 
             
@@ -864,7 +1856,7 @@ WriteLiteral(@">
                                     '");
 
             
-            #line 250 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 586 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                 Write(Url.Action(MVC.API.DeviceFlag.UpdateOnAssignmentExpression(Model.DeviceFlag.Id)));
 
             
@@ -892,7 +1884,7 @@ WriteLiteral("\',\r\n                                    \'OnAssignmentExpressio
 "    </script>\r\n");
 
             
-            #line 279 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 615 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                 }
                 else
                 {
@@ -909,7 +1901,7 @@ WriteLiteral(" class=\"smallMessage\"");
 WriteLiteral(">&lt;None Specified&gt;</span>\r\n");
 
             
-            #line 285 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 621 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                     }
                     else
                     {
@@ -926,7 +1918,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                            ");
 
             
-            #line 289 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 625 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                        Write(Model.DeviceFlag.OnAssignmentExpression);
 
             
@@ -935,7 +1927,7 @@ WriteLiteral("                            ");
 WriteLiteral("\r\n                        </div>\r\n");
 
             
-            #line 291 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 627 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                     }
                 }
 
@@ -965,13 +1957,13 @@ WriteLiteral(">\r\n            <th>\r\n                On Unassignment<br />Expr
 "  </th>\r\n            <td>\r\n");
 
             
-            #line 305 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 641 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 305 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 641 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                  if (canConfig)
                 {
                     
@@ -979,56 +1971,56 @@ WriteLiteral(">\r\n            <th>\r\n                On Unassignment<br />Expr
             #line default
             #line hidden
             
-            #line 307 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 643 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(Html.EditorFor(model => model.DeviceFlag.OnUnassignmentExpression));
 
             
             #line default
             #line hidden
             
-            #line 307 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 643 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                                        
                     
             
             #line default
             #line hidden
             
-            #line 308 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 644 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxRemove());
 
             
             #line default
             #line hidden
             
-            #line 308 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 644 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                              
                     
             
             #line default
             #line hidden
             
-            #line 309 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 645 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxSave());
 
             
             #line default
             #line hidden
             
-            #line 309 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 645 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                            
                     
             
             #line default
             #line hidden
             
-            #line 310 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 646 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxLoader());
 
             
             #line default
             #line hidden
             
-            #line 310 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 646 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                              
 
             
@@ -1050,7 +2042,7 @@ WriteLiteral(@">
                                 '");
 
             
-            #line 320 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 656 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                             Write(Url.Action(MVC.API.DeviceFlag.UpdateOnUnassignmentExpression(Model.DeviceFlag.Id)));
 
             
@@ -1088,7 +2080,7 @@ WriteLiteral(@"',
 ");
 
             
-            #line 349 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 685 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                 }
                 else
                 {
@@ -1105,7 +2097,7 @@ WriteLiteral(" class=\"smallMessage\"");
 WriteLiteral(">&lt;None Specified&gt;</span>\r\n");
 
             
-            #line 355 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 691 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                     }
                     else
                     {
@@ -1122,7 +2114,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                            ");
 
             
-            #line 359 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 695 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                        Write(Model.DeviceFlag.OnUnassignmentExpression);
 
             
@@ -1131,7 +2123,7 @@ WriteLiteral("                            ");
 WriteLiteral("\r\n                        </div>\r\n");
 
             
-            #line 361 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 697 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                     }
                 }
 
@@ -1163,7 +2155,7 @@ WriteLiteral(">\r\n            <th>\r\n                Linked Groups:\r\n
 WriteLiteral("                    ");
 
             
-            #line 377 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 713 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(Html.Partial(MVC.Config.Shared.Views.LinkedGroupInstance, new LinkedGroupModel()
                {
                    CanConfigure = canConfig,
@@ -1182,7 +2174,7 @@ WriteLiteral("\r\n");
 WriteLiteral("                    ");
 
             
-            #line 386 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 722 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(Html.Partial(MVC.Config.Shared.Views.LinkedGroupInstance, new LinkedGroupModel()
                {
                    CanConfigure = canConfig,
@@ -1199,13 +2191,13 @@ WriteLiteral("                    ");
 WriteLiteral("\r\n");
 
             
-            #line 395 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 731 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 395 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 731 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                      if (canConfig)
                     {
                         
@@ -1213,14 +2205,14 @@ WriteLiteral("\r\n");
             #line default
             #line hidden
             
-            #line 397 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 733 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                    Write(Html.Partial(MVC.Config.Shared.Views.LinkedGroupShared));
 
             
             #line default
             #line hidden
             
-            #line 397 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 733 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                                 
                     }
 
@@ -1230,7 +2222,7 @@ WriteLiteral("\r\n");
 WriteLiteral("                </div>\r\n            </td>\r\n        </tr>\r\n    </table>\r\n</div>\r\n");
 
             
-            #line 404 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 740 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
  if (canBulkAssignment || canDelete || canShowDevices || canExportCurrent || canExportAll)
 {
 
@@ -1244,13 +2236,13 @@ WriteLiteral(" class=\"actionBar\"");
 WriteLiteral(">\r\n");
 
             
-            #line 407 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 743 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
         
             
             #line default
             #line hidden
             
-            #line 407 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 743 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
          if (canExportCurrent)
         {
             
@@ -1258,14 +2250,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 409 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 745 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
        Write(Html.ActionLinkButton("Export Current Assignments", MVC.Config.DeviceFlag.Export(null, Model.DeviceFlag.Id, true), "Config_DeviceFlags_Actions_ExportCurrent_Button"));
 
             
             #line default
             #line hidden
             
-            #line 409 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 745 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                                                                                                                                   
         }
 
@@ -1275,7 +2267,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("        ");
 
             
-            #line 411 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 747 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
          if (canExportAll)
         {
             
@@ -1283,14 +2275,14 @@ WriteLiteral("        ");
             #line default
             #line hidden
             
-            #line 413 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 749 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
        Write(Html.ActionLinkButton("Export All Assignments", MVC.Config.DeviceFlag.Export(null, Model.DeviceFlag.Id, false), "Config_DeviceFlags_Actions_ExportAll_Button"));
 
             
             #line default
             #line hidden
             
-            #line 413 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 749 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                                                                                                                            
         }
 
@@ -1300,7 +2292,7 @@ WriteLiteral("        ");
 WriteLiteral("        ");
 
             
-            #line 415 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 751 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
          if (canBulkAssignment)
         {
 
@@ -1394,7 +2386,7 @@ WriteLiteral(" method=\"post\"");
 WriteLiteral(" data-overrideaction=\"");
 
             
-            #line 447 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 783 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                 Write(Url.Action(MVC.API.DeviceFlag.BulkAssignDevices(Model.DeviceFlag.Id, true)));
 
             
@@ -1405,7 +2397,7 @@ WriteLiteral("\"");
 WriteLiteral(" data-addaction=\"");
 
             
-            #line 447 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 783 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                                                                                                                 Write(Url.Action(MVC.API.DeviceFlag.BulkAssignDevices(Model.DeviceFlag.Id, false)));
 
             
@@ -1418,7 +2410,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                    ");
 
             
-            #line 448 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 784 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(Html.AntiForgeryToken());
 
             
@@ -1478,7 +2470,7 @@ WriteLiteral("            <script>\r\n                $(function () {\r\n
 "            $.getJSON(\'");
 
             
-            #line 513 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 849 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                   Write(Url.Action(MVC.API.DeviceFlag.AssignedDevices(Model.DeviceFlag.Id)));
 
             
@@ -1516,7 +2508,7 @@ WriteLiteral(@"', function (response, result) {
 ");
 
             
-            #line 542 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 878 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
         }
 
             
@@ -1525,7 +2517,7 @@ WriteLiteral(@"', function (response, result) {
 WriteLiteral("        ");
 
             
-            #line 543 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 879 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
          if (canDelete)
         {
 
@@ -1553,13 +2545,13 @@ WriteLiteral(" title=\"Delete this Device Flag?\"");
 WriteLiteral(">\r\n");
 
             
-            #line 547 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 883 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 547 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 883 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                  using (Html.BeginForm(MVC.API.DeviceFlag.Delete(Model.DeviceFlag.Id, true)))
                 {
                     
@@ -1567,14 +2559,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 549 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 885 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 549 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 885 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                             
                 }
 
@@ -1589,13 +2581,13 @@ WriteLiteral("></i>\r\n                    This item will be permanently deleted
 "covered.<br />\r\n                    <br />\r\n");
 
             
-            #line 555 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 891 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 555 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 891 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                      if (Model.CurrentAssignmentCount > 0)
                     {
 
@@ -1605,7 +2597,7 @@ WriteLiteral("></i>\r\n                    This item will be permanently deleted
 WriteLiteral("                        <strong>");
 
             
-            #line 557 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 893 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                            Write(Model.CurrentAssignmentCount);
 
             
@@ -1614,7 +2606,7 @@ WriteLiteral("                        <strong>");
 WriteLiteral(" device");
 
             
-            #line 557 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 893 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                 Write(Model.CurrentAssignmentCount != 1 ? "s are" : " is");
 
             
@@ -1627,7 +2619,7 @@ WriteLiteral("                        <br />\r\n");
 WriteLiteral("                        <br />\r\n");
 
             
-            #line 560 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 896 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                     }
 
             
@@ -1668,7 +2660,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 590 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 926 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
         }
 
             
@@ -1677,7 +2669,7 @@ WriteLiteral(@">
 WriteLiteral("        ");
 
             
-            #line 591 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 927 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
          if (canShowDevices)
         {
             
@@ -1685,14 +2677,14 @@ WriteLiteral("        ");
             #line default
             #line hidden
             
-            #line 593 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 929 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
        Write(Html.ActionLinkButton(string.Format("Show {0} device{1}", Model.CurrentAssignmentCount, (Model.CurrentAssignmentCount == 1 ? null : "s")), MVC.Search.Query(Model.DeviceFlag.Id.ToString(), "DeviceFlag"), "Config_DeviceFlags_Actions_ShowDevices_Button"));
 
             
             #line default
             #line hidden
             
-            #line 593 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 929 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
                                                                                                                                                                                                                                                                         
         }
 
@@ -1702,7 +2694,7 @@ WriteLiteral("        ");
 WriteLiteral("    </div>\r\n");
 
             
-            #line 596 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
+            #line 932 "..\..\Areas\Config\Views\DeviceFlag\Show.cshtml"
 }
 
             
diff --git a/Disco.Web/Areas/Config/Views/UserFlag/Show.cshtml b/Disco.Web/Areas/Config/Views/UserFlag/Show.cshtml
index 163079a5..4d8520ea 100644
--- a/Disco.Web/Areas/Config/Views/UserFlag/Show.cshtml
+++ b/Disco.Web/Areas/Config/Views/UserFlag/Show.cshtml
@@ -15,6 +15,7 @@
     var canExportAll = Model.TotalAssignmentCount > 0 && Authorization.Has(Claims.Config.UserFlag.Export);
 
     var hideAdvanced =
+        Model.Permission.IsDefault() &&
         Model.UserFlag.UserDevicesLinkedGroup == null &&
         Model.UserFlag.UsersLinkedGroup == null &&
         Model.UserFlag.OnAssignmentExpression == null &&
@@ -229,6 +230,340 @@
                 </td>
             </tr>
         }
+        <tr class="Config_HideAdvanced_Item">
+            <th>
+                Assignment Permission<br />
+                Override:
+            </th>
+            <td>
+                @if (!Model.Permission.IsDefault())
+                {
+                    var permission = Model.Permission;
+                    <div>
+                        @if (permission.Inherit)
+                        {
+                            <span><i class="fa fa-check-square-o"></i> Inheriting from Authorization Roles</span>
+                        }
+                        else
+                        {
+                            <span><i class="fa fa-square-o"></i> Authorization Roles are Ignored</span>
+                        }
+                    </div>
+                    if (!permission.HasSubjects())
+                    {
+                        <span class="smallMessage">There are no users/groups associated with this permission override</span>
+                    }
+                    else
+                    {
+                        if (permission.IsSimple())
+                        {
+                            <table class="tableData">
+                                <thead>
+                                    <tr>
+                                        <th>Users/Groups/Roles</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    @foreach (var subjectId in permission.CanShowSubjectIds)
+                                    {
+                                        <tr>
+                                            <td>
+                                                @{
+                                                    int roleId;
+                                                    if (subjectId.StartsWith("[") && int.TryParse(subjectId.Trim('[', ']'), out roleId))
+                                                    {
+                                                        <span>@Disco.Services.Users.UserService.GetAuthorizationRoleName(roleId) @subjectId</span>
+                                                    }
+                                                    else
+                                                    {
+                                                        <span>@subjectId</span>
+                                                    }
+                                                }
+                                            </td>
+                                        </tr>
+                                    }
+                                </tbody>
+                            </table>
+                            <div class="info-box">
+                                <p class="fa-p">
+                                    <i class="fa fa-fw fa-info-circle"></i> All users/groups/roles can view, assign, edit assignments, and remove assignments for this flag.
+                                </p>
+                            </div>
+                        }
+                        else
+                        {
+                            var subjects = permission.AllSubjects();
+                            <table class="tableData">
+                                <thead>
+                                    <tr>
+                                        <th>Users/Groups/Roles</th>
+                                        <th>View</th>
+                                        <th>Assign</th>
+                                        <th>Edit</th>
+                                        <th>Remove</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    @foreach (var subjectId in subjects.OrderBy(s => s))
+                                    {
+                                        <tr>
+                                            <td>
+                                                <i class="fa"></i> @{
+                                                    int roleId;
+                                                    if (subjectId.StartsWith("[") && int.TryParse(subjectId.Trim('[', ']'), out roleId))
+                                                    {
+                                                        <span>@Disco.Services.Users.UserService.GetAuthorizationRoleName(roleId) @subjectId</span>
+                                                    }
+                                                    else
+                                                    {
+                                                        <span>@subjectId</span>
+                                                    }
+                                                }
+                                            </td>
+                                            <td>
+                                                @if (permission.CanShowSubjectIds.Contains(subjectId))
+                                                {
+                                                    <i class="fa fa-fw fa-check"></i>
+                                                }
+                                            </td>
+                                            <td>
+                                                @if (permission.CanAssignSubjectIds.Contains(subjectId))
+                                                {
+                                                    <i class="fa fa-fw fa-check"></i>
+                                                }
+                                            </td>
+                                            <td>
+                                                @if (permission.CanEditSubjectIds.Contains(subjectId))
+                                                {
+                                                    <i class="fa fa-fw fa-check"></i>
+                                                }
+                                            </td>
+                                            <td>
+                                                @if (permission.CanRemoveSubjectIds.Contains(subjectId))
+                                                {
+                                                    <i class="fa fa-fw fa-check"></i>
+                                                }
+                                            </td>
+                                        </tr>
+                                    }
+                                </tbody>
+                            </table>
+                        }
+
+                    }
+                }
+                @if (canConfig)
+                {
+                    var permission = Model.Permission;
+                    <button id="Config_Flag_Permission_Edit" class="button small">@(permission.IsDefault() ? "Override" : "Edit") Permission</button>
+
+                    <div id="Config_Flag_Permissions" class="dialog" title="Flag Assignment Permission Override">
+                        @using (Html.BeginForm(MVC.API.UserFlag.Permission(Model.UserFlag.Id)))
+                        {
+                            @Html.AntiForgeryToken()
+                            <input type="hidden" name="IsOverride" value="true" />
+                            <div id="Config_Flag_Permissions_Inherit_Container">
+                                <label>
+                                    <input id="Config_Flag_Permissions_Inherit" type="checkbox" name="Inherit" value="true" @(permission.Inherit ? "checked" : null) /> Inherit Authorization from Authorization Roles
+                                </label>
+                            </div>
+                            <div class="tableDataContainer">
+                                <table class="tableData">
+                                    <thead>
+                                        <tr>
+                                            <th>User/Group/Role</th>
+                                            <th>View</th>
+                                            <th>Assign</th>
+                                            <th>Edit</th>
+                                            <th>Remove</th>
+                                        </tr>
+                                    </thead>
+                                    <tbody>
+                                        @{
+                                            var subjects = permission.AllSubjects();
+
+                                            foreach (var subjectId in subjects.OrderBy(s => s))
+                                            {
+                                                <tr data-subjectid="@subjectId">
+                                                    <td><i class="fa type"></i> <span>@subjectId</span><i class="fa fa-times-circle remove"></i></td>
+                                                    <td>
+                                                        <input type="checkbox" name="CanShow" value="@subjectId" @(permission.CanShowSubjectIds.Contains(subjectId) ? " checked" : null) />
+                                                    </td>
+                                                    <td>
+                                                        <input type="checkbox" name="CanAssign" value="@subjectId" @(permission.CanAssignSubjectIds.Contains(subjectId) ? " checked" : null) />
+                                                    </td>
+                                                    <td>
+                                                        <input type="checkbox" name="CanEdit" value="@subjectId" @(permission.CanEditSubjectIds.Contains(subjectId) ? " checked" : null) />
+                                                    </td>
+                                                    <td>
+                                                        <input type="checkbox" name="CanRemove" value="@subjectId" @(permission.CanRemoveSubjectIds.Contains(subjectId) ? " checked" : null) />
+                                                    </td>
+                                                </tr>
+                                            }
+                                        }
+                                    </tbody>
+                                </table>
+                            </div>
+                            <div>
+                                <input type="text" id="Config_Flag_Permissions_Subject_Input" placeholder="Search Users/Groups" data-autocompleteurl="@(Url.Action(MVC.API.System.SearchSubjects(null, includeAuthorizationRoles: true)))" />
+                                <button type="button" id="Config_Flag_Permissions_Subject_Add" class="button small" data-subjecturl="@Url.Action(MVC.API.System.Subject(null, includeAuthorizationRoles: true))">Add</button>
+                            </div>
+                        }
+                    </div>
+                    <script>
+                        $(function () {
+                            let $dialog = null;
+                            let originalSubjects = null;
+                            let originalInherit = null;
+                            $('#Config_Flag_Permission_Edit').on('click', async function () {
+                                if (!$dialog) {
+                                    $dialog = $('#Config_Flag_Permissions');
+                                    const $tbody = $dialog.find('tbody');
+                                    const $inherit = $dialog.find('#Config_Flag_Permissions_Inherit');
+                                    const $input = $dialog.find('#Config_Flag_Permissions_Subject_Input');
+                                    const $add = $dialog.find('#Config_Flag_Permissions_Subject_Add');
+
+                                    $dialog.dialog({
+                                        resizable: false,
+                                        modal: true,
+                                        autoOpen: false,
+                                        width: 550,
+                                        height: 420,
+                                        buttons: {
+                                            Cancel: function () {
+                                                $(this).dialog('close');
+                                                $tbody.html(originalSubjects);
+                                                $inherit.prop('checked', originalInherit);
+                                            },
+                                            'Remove Override': function () {
+                                                const $this = $(this);
+                                                $(this).dialog('option', 'buttons', null);
+                                                $this.find('input[name="IsOverride"]').val('false');
+                                                $this.find('form').trigger('submit');
+                                            },
+                                            'Save Changes': function () {
+                                                $(this).dialog('option', 'buttons', null);
+                                                $(this).find('form').trigger('submit');
+                                            }
+                                        }
+                                    });
+
+                                    $tbody.on('click', 'i.remove', function () {
+                                        $(this).closest('tr').remove();
+                                    });
+
+                                    $input
+                                        .autocomplete({
+                                            source: $input.attr('data-autocompleteurl'),
+                                            minLength: 2,
+                                            focus: function (e, ui) {
+                                                $input.val(ui.item.Id);
+                                                return false;
+                                            },
+                                            select: function (e, ui) {
+                                                $input.val(ui.item.Id).blur();
+                                                $add.trigger('click');
+                                                $input.val('');
+                                                return false;
+                                            }
+                                        }).data('ui-autocomplete')._renderItem = function (ul, item) {
+                                            return $("<li></li>")
+                                                .data('item.autocomplete', item)
+                                                .append('<a><strong>' + item.Name + '</strong><br>' + item.Id + ' (' + item.Type + ')</a>')
+                                                .appendTo(ul);
+                                        };
+
+                                    $add.on('click', async function () {
+                                        const value = $input.val();
+                                        if (!value) {
+                                            $input.focus();
+                                            return;
+                                        }
+                                        const existing = $tbody.find('tr').filter(function () {
+                                            return $(this).attr('data-subjectid') === value;
+                                        });
+                                        if (existing.length !== 0) {
+                                            $input.val('');
+                                            $input.focus();
+                                            return;
+                                        }
+
+                                        const body = new FormData();
+                                        body.append('id', value);
+                                        const response = await fetch($add.attr('data-subjecturl'), {
+                                            body: body,
+                                            method: 'POST'
+                                        });
+
+                                        if (!response.ok) {
+                                            alert('Unable to lookup User/Group/Role: ' + response.statusText);
+                                            $input.focus();
+                                            return;
+                                        }
+
+                                        const subject = await response.json();
+
+                                        if (!subject) {
+                                            alert('Invalid User/Group');
+                                            $input.focus();
+                                            return;
+                                        }
+
+                                        const $record = $('<tr><td><i class="fa type"></i> <span></span><i class="fa fa-times-circle remove"></i></td><td><input type="checkbox" name="CanShow" checked /></td><td><input type="checkbox" name="CanAssign" checked /></td><td><input type="checkbox" name="CanEdit" checked /></td><td><input type="checkbox" name="CanRemove" checked /></td></tr>');
+                                        $record.attr('data-subjectid', subject.Id);
+                                        $record.find('span').text(subject.Name + ' ' + subject.Id);
+                                        $record.find('i.type').addClass(subject.Type === 'role' ? 'fa-lock' : subject.IsGroup ? 'fa-users' : 'fa-user');
+                                        $record.find('input').val(subject.Id);
+                                        $tbody.append($record);
+                                        $input.val('');
+                                        $input.focus();
+                                    });
+
+                                    const $records = $tbody.find('tr');
+                                    for (var i = 0; i < $records.length; i++) {
+                                        const $record = $($records[i]);
+                                        const body = new FormData();
+                                        body.append('id', $record.attr('data-subjectid'));
+                                        const response = await fetch($add.attr('data-subjecturl'), {
+                                            body: body,
+                                            method: 'POST'
+                                        });
+                                        if (response.ok) {
+                                            const subject = await response.json();
+                                            if (subject) {
+                                                $record.find('span').text(subject.Name + ' ' + subject.Id);
+                                                $record.find('i.type').addClass(subject.Type === 'role' ? 'fa-lock' : subject.IsGroup ? 'fa-users' : 'fa-user');
+                                                continue;
+                                            }
+                                        }
+                                        $record.remove();
+                                    }
+                                    originalInherit = $inherit.prop('checked');
+                                    originalSubjects = $tbody.html();
+                                    $dialog.dialog('open');
+                                } else {
+                                    $dialog.dialog('open');
+                                }
+                            });
+                        });
+                    </script>
+                }
+                <div class="info-box">
+                    <p class="fa-p">
+                        <i class="fa fa-fw fa-info-circle"></i> Flag actions are normally authorized globally by
+                        @if (Authorization.Has(Claims.DiscoAdminAccount))
+                        {
+                            <span><a href="@Url.Action(MVC.Config.AuthorizationRole.Index(null))">Authorization Roles</a>.</span>
+                        }
+                        else
+                        {
+                            <span>Authorization Roles.</span>
+                        }
+                        Overriding individual flag permissions allows for targeted authorization.
+                    </p>
+                </div>
+            </td>
+        </tr>
         <tr class="Config_HideAdvanced_Item">
             <th>
                 On Assignment<br />Expression:
@@ -369,7 +704,6 @@
                 </div>
             </td>
         </tr>
-
         <tr class="Config_HideAdvanced_Item">
             <th>
                 Linked Groups:
@@ -605,4 +939,4 @@
             @Html.ActionLinkButton(string.Format("Show {0} user{1}", Model.CurrentAssignmentCount, (Model.CurrentAssignmentCount == 1 ? null : "s")), MVC.Search.Query(Model.UserFlag.Id.ToString(), "UserFlag"), "Config_UserFlags_Actions_ShowUsers_Button")
         }
     </div>
-}
\ No newline at end of file
+}
diff --git a/Disco.Web/Areas/Config/Views/UserFlag/Show.generated.cs b/Disco.Web/Areas/Config/Views/UserFlag/Show.generated.cs
index 9b5714b8..93ff5e86 100644
--- a/Disco.Web/Areas/Config/Views/UserFlag/Show.generated.cs
+++ b/Disco.Web/Areas/Config/Views/UserFlag/Show.generated.cs
@@ -76,6 +76,7 @@ namespace Disco.Web.Areas.Config.Views.UserFlag
     var canExportAll = Model.TotalAssignmentCount > 0 && Authorization.Has(Claims.Config.UserFlag.Export);
 
     var hideAdvanced =
+        Model.Permission.IsDefault() &&
         Model.UserFlag.UserDevicesLinkedGroup == null &&
         Model.UserFlag.UsersLinkedGroup == null &&
         Model.UserFlag.OnAssignmentExpression == null &&
@@ -90,15 +91,15 @@ WriteLiteral("\r\n<div");
 
 WriteLiteral(" id=\"Config_UserFlags_Show\"");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 1432), Tuple.Create("\"", 1491)
-, Tuple.Create(Tuple.Create("", 1440), Tuple.Create("form", 1440), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 1473), Tuple.Create("\"", 1532)
+, Tuple.Create(Tuple.Create("", 1481), Tuple.Create("form", 1481), true)
             
-            #line 25 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
-, Tuple.Create(Tuple.Create("", 1444), Tuple.Create<System.Object, System.Int32>(hideAdvanced ? " Config_HideAdvanced" : null
+            #line 26 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+, Tuple.Create(Tuple.Create("", 1485), Tuple.Create<System.Object, System.Int32>(hideAdvanced ? " Config_HideAdvanced" : null
             
             #line default
             #line hidden
-, 1444), false)
+, 1485), false)
 );
 
 WriteLiteral(" style=\"width: 550px\"");
@@ -112,7 +113,7 @@ WriteLiteral(">\r\n                Id:\r\n            </th>\r\n            <td>\
 WriteLiteral("                ");
 
             
-            #line 32 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 33 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
            Write(Html.DisplayFor(model => model.UserFlag.Id));
 
             
@@ -122,13 +123,13 @@ WriteLiteral("\r\n            </td>\r\n        </tr>\r\n        <tr>\r\n
 "   Name:\r\n            </th>\r\n            <td>\r\n");
 
             
-            #line 40 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 41 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 40 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 41 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                  if (canConfig)
                 {
                     
@@ -136,42 +137,42 @@ WriteLiteral("\r\n            </td>\r\n        </tr>\r\n        <tr>\r\n
             #line default
             #line hidden
             
-            #line 42 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 43 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(Html.EditorFor(model => model.UserFlag.Name));
 
             
             #line default
             #line hidden
             
-            #line 42 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 43 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                  
                     
             
             #line default
             #line hidden
             
-            #line 43 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 44 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxSave());
 
             
             #line default
             #line hidden
             
-            #line 43 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 44 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                            
                     
             
             #line default
             #line hidden
             
-            #line 44 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 45 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxLoader());
 
             
             #line default
             #line hidden
             
-            #line 44 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 45 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                              
 
             
@@ -187,7 +188,7 @@ WriteLiteral(">\r\n                        $(function () {\r\n
 "             \'");
 
             
-            #line 50 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 51 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                              Write(Url.Action(MVC.API.UserFlag.UpdateName(Model.UserFlag.Id)));
 
             
@@ -197,7 +198,7 @@ WriteLiteral("\',\r\n                                \'FlagName\'\r\n
 "                       });\r\n                    </script>\r\n");
 
             
-            #line 55 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 56 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 }
                 else
                 {
@@ -206,14 +207,14 @@ WriteLiteral("\',\r\n                                \'FlagName\'\r\n
             #line default
             #line hidden
             
-            #line 58 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 59 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(Model.UserFlag.Name);
 
             
             #line default
             #line hidden
             
-            #line 58 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 59 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                         
                 }
 
@@ -224,13 +225,13 @@ WriteLiteral("            </td>\r\n        </tr>\r\n        <tr>\r\n
 " Description:\r\n            </th>\r\n            <td>\r\n");
 
             
-            #line 67 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 68 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 67 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 68 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                  if (canConfig)
                 {
                     
@@ -238,42 +239,42 @@ WriteLiteral("            </td>\r\n        </tr>\r\n        <tr>\r\n
             #line default
             #line hidden
             
-            #line 69 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 70 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(Html.EditorFor(model => model.UserFlag.Description));
 
             
             #line default
             #line hidden
             
-            #line 69 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 70 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                         
                     
             
             #line default
             #line hidden
             
-            #line 70 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 71 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxSave());
 
             
             #line default
             #line hidden
             
-            #line 70 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 71 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                            
                     
             
             #line default
             #line hidden
             
-            #line 71 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 72 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxLoader());
 
             
             #line default
             #line hidden
             
-            #line 71 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 72 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                              
 
             
@@ -291,7 +292,7 @@ WriteLiteral(@">
                                 '");
 
             
-            #line 77 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 78 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                              Write(Url.Action(MVC.API.UserFlag.UpdateDescription(Model.UserFlag.Id)));
 
             
@@ -301,7 +302,7 @@ WriteLiteral("\',\r\n                                \'Description\'\r\n
 "\r\n                        });\r\n                    </script>\r\n");
 
             
-            #line 82 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 83 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 }
                 else
                 {
@@ -312,13 +313,13 @@ WriteLiteral("\',\r\n                                \'Description\'\r\n
 WriteLiteral("                    <pre>\r\n");
 
             
-            #line 86 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 87 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 86 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 87 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                      if (string.IsNullOrEmpty(Model.UserFlag.Description))
                     {
 
@@ -332,7 +333,7 @@ WriteLiteral("&lt;None&gt;");
 WriteLiteral("\r\n");
 
             
-            #line 89 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 90 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                     }
                     else
                     {
@@ -341,14 +342,14 @@ WriteLiteral("\r\n");
             #line default
             #line hidden
             
-            #line 92 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 93 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                    Write(Model.UserFlag.Description.ToHtmlComment());
 
             
             #line default
             #line hidden
             
-            #line 92 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 93 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                    
                     }
 
@@ -358,7 +359,7 @@ WriteLiteral("\r\n");
 WriteLiteral("                    </pre>\r\n");
 
             
-            #line 95 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 96 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 }
 
             
@@ -369,7 +370,7 @@ WriteLiteral("            </td>\r\n        </tr>\r\n        <tr>\r\n
 "");
 
             
-            #line 103 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 104 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                         Write(Model.CurrentAssignmentCount);
 
             
@@ -378,7 +379,7 @@ WriteLiteral("            </td>\r\n        </tr>\r\n        <tr>\r\n
 WriteLiteral(" user");
 
             
-            #line 103 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 104 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                            Write(Model.CurrentAssignmentCount != 1 ? "s" : null);
 
             
@@ -387,7 +388,7 @@ WriteLiteral(" user");
 WriteLiteral(" currently assigned</strong></div>\r\n                <div>");
 
             
-            #line 104 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 105 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 Write(Model.TotalAssignmentCount);
 
             
@@ -396,7 +397,7 @@ WriteLiteral(" currently assigned</strong></div>\r\n                <div>");
 WriteLiteral(" total user historical assignment");
 
             
-            #line 104 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 105 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                              Write(Model.TotalAssignmentCount != 1 ? "s" : null);
 
             
@@ -410,7 +411,7 @@ WriteLiteral(" id=\"Config_UserFlags_Icon\"");
 WriteLiteral(" data-icon=\"");
 
             
-            #line 112 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 113 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                      Write(Model.UserFlag.Icon);
 
             
@@ -421,7 +422,7 @@ WriteLiteral("\"");
 WriteLiteral(" data-colour=\"");
 
             
-            #line 112 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 113 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                                           Write(Model.UserFlag.IconColour);
 
             
@@ -429,37 +430,37 @@ WriteLiteral(" data-colour=\"");
             #line hidden
 WriteLiteral("\"");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 4656), Tuple.Create("\"", 4729)
-, Tuple.Create(Tuple.Create("", 4664), Tuple.Create("fa", 4664), true)
-, Tuple.Create(Tuple.Create(" ", 4666), Tuple.Create("fa-", 4667), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 4697), Tuple.Create("\"", 4770)
+, Tuple.Create(Tuple.Create("", 4705), Tuple.Create("fa", 4705), true)
+, Tuple.Create(Tuple.Create(" ", 4707), Tuple.Create("fa-", 4708), true)
             
-            #line 112 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
-                                                          , Tuple.Create(Tuple.Create("", 4670), Tuple.Create<System.Object, System.Int32>(Model.UserFlag.Icon
+            #line 113 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                          , Tuple.Create(Tuple.Create("", 4711), Tuple.Create<System.Object, System.Int32>(Model.UserFlag.Icon
             
             #line default
             #line hidden
-, 4670), false)
-, Tuple.Create(Tuple.Create(" ", 4692), Tuple.Create("fa-4x", 4693), true)
-, Tuple.Create(Tuple.Create(" ", 4698), Tuple.Create("d-", 4699), true)
+, 4711), false)
+, Tuple.Create(Tuple.Create(" ", 4733), Tuple.Create("fa-4x", 4734), true)
+, Tuple.Create(Tuple.Create(" ", 4739), Tuple.Create("d-", 4740), true)
             
-            #line 112 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
-                                                                                         , Tuple.Create(Tuple.Create("", 4701), Tuple.Create<System.Object, System.Int32>(Model.UserFlag.IconColour
+            #line 113 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                                         , Tuple.Create(Tuple.Create("", 4742), Tuple.Create<System.Object, System.Int32>(Model.UserFlag.IconColour
             
             #line default
             #line hidden
-, 4701), false)
+, 4742), false)
 );
 
 WriteLiteral("></i>\r\n");
 
             
-            #line 113 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 114 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 113 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 114 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                  if (canConfig)
                 {
 
@@ -485,13 +486,13 @@ WriteLiteral(" title=\"User Flag Icon\"");
 WriteLiteral(">\r\n");
 
             
-            #line 118 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 119 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 118 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 119 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                              using (Html.BeginForm(MVC.API.UserFlag.UpdateIconAndColour(id: Model.UserFlag.Id, redirect: true)))
                             {
                                 
@@ -499,14 +500,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 120 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 121 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                            Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 120 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 121 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                         
 
             
@@ -529,7 +530,7 @@ WriteLiteral(" name=\"iconColour\"");
 WriteLiteral(" />\r\n");
 
             
-            #line 123 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 124 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                             }
 
             
@@ -542,13 +543,13 @@ WriteLiteral(" class=\"colours\"");
 WriteLiteral(">\r\n");
 
             
-            #line 126 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 127 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                     
             
             #line default
             #line hidden
             
-            #line 126 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 127 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                      foreach (var colour in Model.ThemeColours)
                                     {
 
@@ -560,7 +561,7 @@ WriteLiteral("                                        <i");
 WriteLiteral(" data-colour=\"");
 
             
-            #line 128 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 129 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                     Write(colour.Key);
 
             
@@ -568,33 +569,33 @@ WriteLiteral(" data-colour=\"");
             #line hidden
 WriteLiteral("\"");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 5718), Tuple.Create("\"", 5754)
-, Tuple.Create(Tuple.Create("", 5726), Tuple.Create("fa", 5726), true)
-, Tuple.Create(Tuple.Create(" ", 5728), Tuple.Create("fa-square", 5729), true)
-, Tuple.Create(Tuple.Create(" ", 5738), Tuple.Create("d-", 5739), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 5759), Tuple.Create("\"", 5795)
+, Tuple.Create(Tuple.Create("", 5767), Tuple.Create("fa", 5767), true)
+, Tuple.Create(Tuple.Create(" ", 5769), Tuple.Create("fa-square", 5770), true)
+, Tuple.Create(Tuple.Create(" ", 5779), Tuple.Create("d-", 5780), true)
             
-            #line 128 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
-              , Tuple.Create(Tuple.Create("", 5741), Tuple.Create<System.Object, System.Int32>(colour.Key
+            #line 129 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+              , Tuple.Create(Tuple.Create("", 5782), Tuple.Create<System.Object, System.Int32>(colour.Key
             
             #line default
             #line hidden
-, 5741), false)
+, 5782), false)
 );
 
-WriteAttribute("title", Tuple.Create(" title=\"", 5755), Tuple.Create("\"", 5776)
+WriteAttribute("title", Tuple.Create(" title=\"", 5796), Tuple.Create("\"", 5817)
             
-            #line 128 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
-                                   , Tuple.Create(Tuple.Create("", 5763), Tuple.Create<System.Object, System.Int32>(colour.Value
+            #line 129 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                   , Tuple.Create(Tuple.Create("", 5804), Tuple.Create<System.Object, System.Int32>(colour.Value
             
             #line default
             #line hidden
-, 5763), false)
+, 5804), false)
 );
 
 WriteLiteral("></i>\r\n");
 
             
-            #line 129 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 130 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                     }
 
             
@@ -607,13 +608,13 @@ WriteLiteral(" class=\"icons\"");
 WriteLiteral(">\r\n");
 
             
-            #line 132 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 133 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                     
             
             #line default
             #line hidden
             
-            #line 132 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 133 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                      foreach (var icon in Model.Icons)
                                     {
 
@@ -625,7 +626,7 @@ WriteLiteral("                                        <i");
 WriteLiteral(" data-icon=\"");
 
             
-            #line 134 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 135 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                   Write(icon.Key);
 
             
@@ -633,32 +634,32 @@ WriteLiteral(" data-icon=\"");
             #line hidden
 WriteLiteral("\"");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 6093), Tuple.Create("\"", 6118)
-, Tuple.Create(Tuple.Create("", 6101), Tuple.Create("fa", 6101), true)
-, Tuple.Create(Tuple.Create(" ", 6103), Tuple.Create("fa-", 6104), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 6134), Tuple.Create("\"", 6159)
+, Tuple.Create(Tuple.Create("", 6142), Tuple.Create("fa", 6142), true)
+, Tuple.Create(Tuple.Create(" ", 6144), Tuple.Create("fa-", 6145), true)
             
-            #line 134 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
- , Tuple.Create(Tuple.Create("", 6107), Tuple.Create<System.Object, System.Int32>(icon.Key
+            #line 135 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+ , Tuple.Create(Tuple.Create("", 6148), Tuple.Create<System.Object, System.Int32>(icon.Key
             
             #line default
             #line hidden
-, 6107), false)
+, 6148), false)
 );
 
-WriteAttribute("title", Tuple.Create(" title=\"", 6119), Tuple.Create("\"", 6138)
+WriteAttribute("title", Tuple.Create(" title=\"", 6160), Tuple.Create("\"", 6179)
             
-            #line 134 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
-                    , Tuple.Create(Tuple.Create("", 6127), Tuple.Create<System.Object, System.Int32>(icon.Value
+            #line 135 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                    , Tuple.Create(Tuple.Create("", 6168), Tuple.Create<System.Object, System.Int32>(icon.Value
             
             #line default
             #line hidden
-, 6127), false)
+, 6168), false)
 );
 
 WriteLiteral("></i>\r\n");
 
             
-            #line 135 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 136 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                     }
 
             
@@ -716,7 +717,7 @@ WriteLiteral("                                </div>\r\n
 " }());\r\n                        </script>\r\n                    </div>\r\n");
 
             
-            #line 212 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 213 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 }
 
             
@@ -725,13 +726,13 @@ WriteLiteral("                                </div>\r\n
 WriteLiteral("            </td>\r\n        </tr>\r\n");
 
             
-            #line 215 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 216 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
         
             
             #line default
             #line hidden
             
-            #line 215 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 216 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
          if (hideAdvanced)
         {
 
@@ -765,7 +766,7 @@ WriteLiteral(@">Show Advanced Options</button>
 ");
 
             
-            #line 231 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 232 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
         }
 
             
@@ -775,17 +776,1007 @@ WriteLiteral("        <tr");
 
 WriteLiteral(" class=\"Config_HideAdvanced_Item\"");
 
-WriteLiteral(">\r\n            <th>\r\n                On Assignment<br />Expression:\r\n            " +
-"</th>\r\n            <td>\r\n");
+WriteLiteral(">\r\n            <th>\r\n                Assignment Permission<br />\r\n               " +
+" Override:\r\n            </th>\r\n            <td>\r\n");
 
             
-            #line 237 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 239 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 237 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 239 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                 if (!Model.Permission.IsDefault())
+                {
+                    var permission = Model.Permission;
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                    <div>\r\n");
+
+            
+            #line 243 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                        
+            
+            #line default
+            #line hidden
+            
+            #line 243 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                         if (permission.Inherit)
+                        {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <span><i");
+
+WriteLiteral(" class=\"fa fa-check-square-o\"");
+
+WriteLiteral("></i> Inheriting from Authorization Roles</span>\r\n");
+
+            
+            #line 246 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                        }
+                        else
+                        {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <span><i");
+
+WriteLiteral(" class=\"fa fa-square-o\"");
+
+WriteLiteral("></i> Authorization Roles are Ignored</span>\r\n");
+
+            
+            #line 250 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                        }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                    </div>\r\n");
+
+            
+            #line 252 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                    if (!permission.HasSubjects())
+                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                        <span");
+
+WriteLiteral(" class=\"smallMessage\"");
+
+WriteLiteral(">There are no users/groups associated with this permission override</span>\r\n");
+
+            
+            #line 255 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                    }
+                    else
+                    {
+                        if (permission.IsSimple())
+                        {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <table");
+
+WriteLiteral(" class=\"tableData\"");
+
+WriteLiteral(@">
+                                <thead>
+                                    <tr>
+                                        <th>Users/Groups/Roles</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+");
+
+            
+            #line 267 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                    
+            
+            #line default
+            #line hidden
+            
+            #line 267 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                     foreach (var subjectId in permission.CanShowSubjectIds)
+                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                        <tr>\r\n                                   " +
+"         <td>\r\n");
+
+            
+            #line 271 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                
+            
+            #line default
+            #line hidden
+            
+            #line 271 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                  
+                                                    int roleId;
+                                                    if (subjectId.StartsWith("[") && int.TryParse(subjectId.Trim('[', ']'), out roleId))
+                                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                        <span>");
+
+            
+            #line 275 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                         Write(Disco.Services.Users.UserService.GetAuthorizationRoleName(roleId));
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" ");
+
+            
+            #line 275 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                                                                            Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("</span>\r\n");
+
+            
+            #line 276 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                    }
+                                                    else
+                                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                        <span>");
+
+            
+            #line 279 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                         Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("</span>\r\n");
+
+            
+            #line 280 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                    }
+                                                
+            
+            #line default
+            #line hidden
+WriteLiteral("\r\n                                            </td>\r\n                            " +
+"            </tr>\r\n");
+
+            
+            #line 284 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                    }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                </tbody>\r\n                            </table>\r\n");
+
+WriteLiteral("                            <div");
+
+WriteLiteral(" class=\"info-box\"");
+
+WriteLiteral(">\r\n                                <p");
+
+WriteLiteral(" class=\"fa-p\"");
+
+WriteLiteral(">\r\n                                    <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-info-circle\"");
+
+WriteLiteral("></i> All users/groups/roles can view, assign, edit assignments, and remove assig" +
+"nments for this flag.\r\n                                </p>\r\n                   " +
+"         </div>\r\n");
+
+            
+            #line 292 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                        }
+                        else
+                        {
+                            var subjects = permission.AllSubjects();
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <table");
+
+WriteLiteral(" class=\"tableData\"");
+
+WriteLiteral(@">
+                                <thead>
+                                    <tr>
+                                        <th>Users/Groups/Roles</th>
+                                        <th>View</th>
+                                        <th>Assign</th>
+                                        <th>Edit</th>
+                                        <th>Remove</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+");
+
+            
+            #line 307 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                    
+            
+            #line default
+            #line hidden
+            
+            #line 307 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                     foreach (var subjectId in subjects.OrderBy(s => s))
+                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                        <tr>\r\n                                   " +
+"         <td>\r\n                                                <i");
+
+WriteLiteral(" class=\"fa\"");
+
+WriteLiteral("></i> ");
+
+            
+            #line 311 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                     
+                                                    int roleId;
+                                                    if (subjectId.StartsWith("[") && int.TryParse(subjectId.Trim('[', ']'), out roleId))
+                                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                        <span>");
+
+            
+            #line 315 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                         Write(Disco.Services.Users.UserService.GetAuthorizationRoleName(roleId));
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" ");
+
+            
+            #line 315 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                                                                            Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("</span>\r\n");
+
+            
+            #line 316 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                    }
+                                                    else
+                                                    {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                        <span>");
+
+            
+            #line 319 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                         Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("</span>\r\n");
+
+            
+            #line 320 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                    }
+                                                
+            
+            #line default
+            #line hidden
+WriteLiteral("\r\n                                            </td>\r\n                            " +
+"                <td>\r\n");
+
+            
+            #line 324 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                
+            
+            #line default
+            #line hidden
+            
+            #line 324 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                 if (permission.CanShowSubjectIds.Contains(subjectId))
+                                                {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                    <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-check\"");
+
+WriteLiteral("></i>\r\n");
+
+            
+            #line 327 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                            </td>\r\n                              " +
+"              <td>\r\n");
+
+            
+            #line 330 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                
+            
+            #line default
+            #line hidden
+            
+            #line 330 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                 if (permission.CanAssignSubjectIds.Contains(subjectId))
+                                                {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                    <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-check\"");
+
+WriteLiteral("></i>\r\n");
+
+            
+            #line 333 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                            </td>\r\n                              " +
+"              <td>\r\n");
+
+            
+            #line 336 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                
+            
+            #line default
+            #line hidden
+            
+            #line 336 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                 if (permission.CanEditSubjectIds.Contains(subjectId))
+                                                {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                    <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-check\"");
+
+WriteLiteral("></i>\r\n");
+
+            
+            #line 339 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                            </td>\r\n                              " +
+"              <td>\r\n");
+
+            
+            #line 342 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                
+            
+            #line default
+            #line hidden
+            
+            #line 342 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                 if (permission.CanRemoveSubjectIds.Contains(subjectId))
+                                                {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                    <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-check\"");
+
+WriteLiteral("></i>\r\n");
+
+            
+            #line 345 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                            </td>\r\n                              " +
+"          </tr>\r\n");
+
+            
+            #line 348 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                    }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                </tbody>\r\n                            </table>\r\n");
+
+            
+            #line 351 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                        }
+
+                    }
+                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                ");
+
+            
+            #line 355 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                 if (canConfig)
+                {
+                    var permission = Model.Permission;
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                    <button");
+
+WriteLiteral(" id=\"Config_Flag_Permission_Edit\"");
+
+WriteLiteral(" class=\"button small\"");
+
+WriteLiteral(">");
+
+            
+            #line 358 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                              Write(permission.IsDefault() ? "Override" : "Edit");
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" Permission</button>\r\n");
+
+            
+            #line 359 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                    <div");
+
+WriteLiteral(" id=\"Config_Flag_Permissions\"");
+
+WriteLiteral(" class=\"dialog\"");
+
+WriteLiteral(" title=\"Flag Assignment Permission Override\"");
+
+WriteLiteral(">\r\n");
+
+            
+            #line 361 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                        
+            
+            #line default
+            #line hidden
+            
+            #line 361 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                         using (Html.BeginForm(MVC.API.UserFlag.Permission(Model.UserFlag.Id)))
+                        {
+                            
+            
+            #line default
+            #line hidden
+            
+            #line 363 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                       Write(Html.AntiForgeryToken());
+
+            
+            #line default
+            #line hidden
+            
+            #line 363 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                    
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <input");
+
+WriteLiteral(" type=\"hidden\"");
+
+WriteLiteral(" name=\"IsOverride\"");
+
+WriteLiteral(" value=\"true\"");
+
+WriteLiteral(" />\r\n");
+
+WriteLiteral("                            <div");
+
+WriteLiteral(" id=\"Config_Flag_Permissions_Inherit_Container\"");
+
+WriteLiteral(">\r\n                                <label>\r\n                                    <" +
+"input");
+
+WriteLiteral(" id=\"Config_Flag_Permissions_Inherit\"");
+
+WriteLiteral(" type=\"checkbox\"");
+
+WriteLiteral(" name=\"Inherit\"");
+
+WriteLiteral(" value=\"true\"");
+
+WriteLiteral(" ");
+
+            
+            #line 367 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                                                                        Write(permission.Inherit ? "checked" : null);
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" /> Inherit Authorization from Authorization Roles\r\n                             " +
+"   </label>\r\n                            </div>\r\n");
+
+WriteLiteral("                            <div");
+
+WriteLiteral(" class=\"tableDataContainer\"");
+
+WriteLiteral(">\r\n                                <table");
+
+WriteLiteral(" class=\"tableData\"");
+
+WriteLiteral(@">
+                                    <thead>
+                                        <tr>
+                                            <th>User/Group/Role</th>
+                                            <th>View</th>
+                                            <th>Assign</th>
+                                            <th>Edit</th>
+                                            <th>Remove</th>
+                                        </tr>
+                                    </thead>
+                                    <tbody>
+");
+
+            
+            #line 382 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                        
+            
+            #line default
+            #line hidden
+            
+            #line 382 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                          
+                                            var subjects = permission.AllSubjects();
+
+                                            foreach (var subjectId in subjects.OrderBy(s => s))
+                                            {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                                                <tr");
+
+WriteLiteral(" data-subjectid=\"");
+
+            
+            #line 387 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                               Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("\"");
+
+WriteLiteral(">\r\n                                                    <td><i");
+
+WriteLiteral(" class=\"fa type\"");
+
+WriteLiteral("></i> <span>");
+
+            
+            #line 388 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                                 Write(subjectId);
+
+            
+            #line default
+            #line hidden
+WriteLiteral("</span><i");
+
+WriteLiteral(" class=\"fa fa-times-circle remove\"");
+
+WriteLiteral("></i></td>\r\n                                                    <td>\r\n           " +
+"                                             <input");
+
+WriteLiteral(" type=\"checkbox\"");
+
+WriteLiteral(" name=\"CanShow\"");
+
+WriteAttribute("value", Tuple.Create(" value=\"", 20091), Tuple.Create("\"", 20109)
+            
+            #line 390 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                    , Tuple.Create(Tuple.Create("", 20099), Tuple.Create<System.Object, System.Int32>(subjectId
+            
+            #line default
+            #line hidden
+, 20099), false)
+);
+
+WriteLiteral(" ");
+
+            
+            #line 390 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                                                             Write(permission.CanShowSubjectIds.Contains(subjectId) ? " checked" : null);
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" />\r\n                                                    </td>\r\n                 " +
+"                                   <td>\r\n                                       " +
+"                 <input");
+
+WriteLiteral(" type=\"checkbox\"");
+
+WriteLiteral(" name=\"CanAssign\"");
+
+WriteAttribute("value", Tuple.Create(" value=\"", 20399), Tuple.Create("\"", 20417)
+            
+            #line 393 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                      , Tuple.Create(Tuple.Create("", 20407), Tuple.Create<System.Object, System.Int32>(subjectId
+            
+            #line default
+            #line hidden
+, 20407), false)
+);
+
+WriteLiteral(" ");
+
+            
+            #line 393 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                                                               Write(permission.CanAssignSubjectIds.Contains(subjectId) ? " checked" : null);
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" />\r\n                                                    </td>\r\n                 " +
+"                                   <td>\r\n                                       " +
+"                 <input");
+
+WriteLiteral(" type=\"checkbox\"");
+
+WriteLiteral(" name=\"CanEdit\"");
+
+WriteAttribute("value", Tuple.Create(" value=\"", 20707), Tuple.Create("\"", 20725)
+            
+            #line 396 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                    , Tuple.Create(Tuple.Create("", 20715), Tuple.Create<System.Object, System.Int32>(subjectId
+            
+            #line default
+            #line hidden
+, 20715), false)
+);
+
+WriteLiteral(" ");
+
+            
+            #line 396 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                                                             Write(permission.CanEditSubjectIds.Contains(subjectId) ? " checked" : null);
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" />\r\n                                                    </td>\r\n                 " +
+"                                   <td>\r\n                                       " +
+"                 <input");
+
+WriteLiteral(" type=\"checkbox\"");
+
+WriteLiteral(" name=\"CanRemove\"");
+
+WriteAttribute("value", Tuple.Create(" value=\"", 21015), Tuple.Create("\"", 21033)
+            
+            #line 399 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                      , Tuple.Create(Tuple.Create("", 21023), Tuple.Create<System.Object, System.Int32>(subjectId
+            
+            #line default
+            #line hidden
+, 21023), false)
+);
+
+WriteLiteral(" ");
+
+            
+            #line 399 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                                                               Write(permission.CanRemoveSubjectIds.Contains(subjectId) ? " checked" : null);
+
+            
+            #line default
+            #line hidden
+WriteLiteral(" />\r\n                                                    </td>\r\n                 " +
+"                               </tr>\r\n");
+
+            
+            #line 402 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                            }
+                                        
+            
+            #line default
+            #line hidden
+WriteLiteral("\r\n                                    </tbody>\r\n                                <" +
+"/table>\r\n                            </div>\r\n");
+
+WriteLiteral("                            <div>\r\n                                <input");
+
+WriteLiteral(" type=\"text\"");
+
+WriteLiteral(" id=\"Config_Flag_Permissions_Subject_Input\"");
+
+WriteLiteral(" placeholder=\"Search Users/Groups\"");
+
+WriteLiteral(" data-autocompleteurl=\"");
+
+            
+            #line 408 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                                                                                                  Write(Url.Action(MVC.API.System.SearchSubjects(null, includeAuthorizationRoles: true)));
+
+            
+            #line default
+            #line hidden
+WriteLiteral("\"");
+
+WriteLiteral(" />\r\n                                <button");
+
+WriteLiteral(" type=\"button\"");
+
+WriteLiteral(" id=\"Config_Flag_Permissions_Subject_Add\"");
+
+WriteLiteral(" class=\"button small\"");
+
+WriteLiteral(" data-subjecturl=\"");
+
+            
+            #line 409 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                                                                                                                                Write(Url.Action(MVC.API.System.Subject(null, includeAuthorizationRoles: true)));
+
+            
+            #line default
+            #line hidden
+WriteLiteral("\"");
+
+WriteLiteral(">Add</button>\r\n                            </div>\r\n");
+
+            
+            #line 411 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                        }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                    </div>\r\n");
+
+WriteLiteral("                    <script>\r\n                        $(function () {\r\n          " +
+"                  let $dialog = null;\r\n                            let originalS" +
+"ubjects = null;\r\n                            let originalInherit = null;\r\n      " +
+"                      $(\'#Config_Flag_Permission_Edit\').on(\'click\', async functi" +
+"on () {\r\n                                if (!$dialog) {\r\n                      " +
+"              $dialog = $(\'#Config_Flag_Permissions\');\r\n                        " +
+"            const $tbody = $dialog.find(\'tbody\');\r\n                             " +
+"       const $inherit = $dialog.find(\'#Config_Flag_Permissions_Inherit\');\r\n     " +
+"                               const $input = $dialog.find(\'#Config_Flag_Permiss" +
+"ions_Subject_Input\');\r\n                                    const $add = $dialog." +
+"find(\'#Config_Flag_Permissions_Subject_Add\');\r\n\r\n                               " +
+"     $dialog.dialog({\r\n                                        resizable: false," +
+"\r\n                                        modal: true,\r\n                        " +
+"                autoOpen: false,\r\n                                        width:" +
+" 550,\r\n                                        height: 420,\r\n                   " +
+"                     buttons: {\r\n                                            Can" +
+"cel: function () {\r\n                                                $(this).dial" +
+"og(\'close\');\r\n                                                $tbody.html(origin" +
+"alSubjects);\r\n                                                $inherit.prop(\'che" +
+"cked\', originalInherit);\r\n                                            },\r\n      " +
+"                                      \'Remove Override\': function () {\r\n        " +
+"                                        const $this = $(this);\r\n                " +
+"                                $(this).dialog(\'option\', \'buttons\', null);\r\n    " +
+"                                            $this.find(\'input[name=\"IsOverride\"]" +
+"\').val(\'false\');\r\n                                                $this.find(\'fo" +
+"rm\').trigger(\'submit\');\r\n                                            },\r\n       " +
+"                                     \'Save Changes\': function () {\r\n            " +
+"                                    $(this).dialog(\'option\', \'buttons\', null);\r\n" +
+"                                                $(this).find(\'form\').trigger(\'su" +
+"bmit\');\r\n                                            }\r\n                        " +
+"                }\r\n                                    });\r\n\r\n                  " +
+"                  $tbody.on(\'click\', \'i.remove\', function () {\r\n                " +
+"                        $(this).closest(\'tr\').remove();\r\n                       " +
+"             });\r\n\r\n                                    $input\r\n                " +
+"                        .autocomplete({\r\n                                       " +
+"     source: $input.attr(\'data-autocompleteurl\'),\r\n                             " +
+"               minLength: 2,\r\n                                            focus:" +
+" function (e, ui) {\r\n                                                $input.val(" +
+"ui.item.Id);\r\n                                                return false;\r\n   " +
+"                                         },\r\n                                   " +
+"         select: function (e, ui) {\r\n                                           " +
+"     $input.val(ui.item.Id).blur();\r\n                                           " +
+"     $add.trigger(\'click\');\r\n                                                $in" +
+"put.val(\'\');\r\n                                                return false;\r\n   " +
+"                                         }\r\n                                    " +
+"    }).data(\'ui-autocomplete\')._renderItem = function (ul, item) {\r\n            " +
+"                                return $(\"<li></li>\")\r\n                         " +
+"                       .data(\'item.autocomplete\', item)\r\n                       " +
+"                         .append(\'<a><strong>\' + item.Name + \'</strong><br>\' + i" +
+"tem.Id + \' (\' + item.Type + \')</a>\')\r\n                                          " +
+"      .appendTo(ul);\r\n                                        };\r\n\r\n            " +
+"                        $add.on(\'click\', async function () {\r\n                  " +
+"                      const value = $input.val();\r\n                             " +
+"           if (!value) {\r\n                                            $input.foc" +
+"us();\r\n                                            return;\r\n                    " +
+"                    }\r\n                                        const existing = " +
+"$tbody.find(\'tr\').filter(function () {\r\n                                        " +
+"    return $(this).attr(\'data-subjectid\') === value;\r\n                          " +
+"              });\r\n                                        if (existing.length !" +
+"== 0) {\r\n                                            $input.val(\'\');\r\n          " +
+"                                  $input.focus();\r\n                             " +
+"               return;\r\n                                        }\r\n\r\n           " +
+"                             const body = new FormData();\r\n                     " +
+"                   body.append(\'id\', value);\r\n                                  " +
+"      const response = await fetch($add.attr(\'data-subjecturl\'), {\r\n            " +
+"                                body: body,\r\n                                   " +
+"         method: \'POST\'\r\n                                        });\r\n\r\n        " +
+"                                if (!response.ok) {\r\n                           " +
+"                 alert(\'Unable to lookup User/Group/Role: \' + response.statusTex" +
+"t);\r\n                                            $input.focus();\r\n              " +
+"                              return;\r\n                                        }" +
+"\r\n\r\n                                        const subject = await response.json(" +
+");\r\n\r\n                                        if (!subject) {\r\n                 " +
+"                           alert(\'Invalid User/Group\');\r\n                       " +
+"                     $input.focus();\r\n                                          " +
+"  return;\r\n                                        }\r\n\r\n                        " +
+"                const $record = $(\'<tr><td><i class=\"fa type\"></i> <span></span>" +
+"<i class=\"fa fa-times-circle remove\"></i></td><td><input type=\"checkbox\" name=\"C" +
+"anShow\" checked /></td><td><input type=\"checkbox\" name=\"CanAssign\" checked /></t" +
+"d><td><input type=\"checkbox\" name=\"CanEdit\" checked /></td><td><input type=\"chec" +
+"kbox\" name=\"CanRemove\" checked /></td></tr>\');\r\n                                " +
+"        $record.attr(\'data-subjectid\', subject.Id);\r\n                           " +
+"             $record.find(\'span\').text(subject.Name + \' \' + subject.Id);\r\n      " +
+"                                  $record.find(\'i.type\').addClass(subject.Type =" +
+"== \'role\' ? \'fa-lock\' : subject.IsGroup ? \'fa-users\' : \'fa-user\');\r\n            " +
+"                            $record.find(\'input\').val(subject.Id);\r\n            " +
+"                            $tbody.append($record);\r\n                           " +
+"             $input.val(\'\');\r\n                                        $input.foc" +
+"us();\r\n                                    });\r\n\r\n                              " +
+"      const $records = $tbody.find(\'tr\');\r\n                                    f" +
+"or (var i = 0; i < $records.length; i++) {\r\n                                    " +
+"    const $record = $($records[i]);\r\n                                        con" +
+"st body = new FormData();\r\n                                        body.append(\'" +
+"id\', $record.attr(\'data-subjectid\'));\r\n                                        c" +
+"onst response = await fetch($add.attr(\'data-subjecturl\'), {\r\n                   " +
+"                         body: body,\r\n                                          " +
+"  method: \'POST\'\r\n                                        });\r\n                 " +
+"                       if (response.ok) {\r\n                                     " +
+"       const subject = await response.json();\r\n                                 " +
+"           if (subject) {\r\n                                                $reco" +
+"rd.find(\'span\').text(subject.Name + \' \' + subject.Id);\r\n                        " +
+"                        $record.find(\'i.type\').addClass(subject.Type === \'role\' " +
+"? \'fa-lock\' : subject.IsGroup ? \'fa-users\' : \'fa-user\');\r\n                      " +
+"                          continue;\r\n                                           " +
+" }\r\n                                        }\r\n                                 " +
+"       $record.remove();\r\n                                    }\r\n               " +
+"                     originalInherit = $inherit.prop(\'checked\');\r\n              " +
+"                      originalSubjects = $tbody.html();\r\n                       " +
+"             $dialog.dialog(\'open\');\r\n                                } else {\r\n" +
+"                                    $dialog.dialog(\'open\');\r\n                   " +
+"             }\r\n                            });\r\n                        });\r\n  " +
+"                  </script>\r\n");
+
+            
+            #line 550 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                <div");
+
+WriteLiteral(" class=\"info-box\"");
+
+WriteLiteral(">\r\n                    <p");
+
+WriteLiteral(" class=\"fa-p\"");
+
+WriteLiteral(">\r\n                        <i");
+
+WriteLiteral(" class=\"fa fa-fw fa-info-circle\"");
+
+WriteLiteral("></i> Flag actions are normally authorized globally by\r\n");
+
+            
+            #line 554 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                        
+            
+            #line default
+            #line hidden
+            
+            #line 554 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                         if (Authorization.Has(Claims.DiscoAdminAccount))
+                        {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <span><a");
+
+WriteAttribute("href", Tuple.Create(" href=\"", 31288), Tuple.Create("\"", 31348)
+            
+            #line 556 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+, Tuple.Create(Tuple.Create("", 31295), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.Config.AuthorizationRole.Index(null))
+            
+            #line default
+            #line hidden
+, 31295), false)
+);
+
+WriteLiteral(">Authorization Roles</a>.</span>\r\n");
+
+            
+            #line 557 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                        }
+                        else
+                        {
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                            <span>Authorization Roles.</span>\r\n");
+
+            
+            #line 561 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                        }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("                        Overriding individual flag permissions allows for targete" +
+"d authorization.\r\n                    </p>\r\n                </div>\r\n            " +
+"</td>\r\n        </tr>\r\n        <tr");
+
+WriteLiteral(" class=\"Config_HideAdvanced_Item\"");
+
+WriteLiteral(">\r\n            <th>\r\n                On Assignment<br />Expression:\r\n            " +
+"</th>\r\n            <td>\r\n");
+
+            
+            #line 572 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+                
+            
+            #line default
+            #line hidden
+            
+            #line 572 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                  if (canConfig)
                 {
                     
@@ -793,56 +1784,56 @@ WriteLiteral(">\r\n            <th>\r\n                On Assignment<br />Expres
             #line default
             #line hidden
             
-            #line 239 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 574 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(Html.EditorFor(model => model.UserFlag.OnAssignmentExpression));
 
             
             #line default
             #line hidden
             
-            #line 239 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 574 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                                    
                     
             
             #line default
             #line hidden
             
-            #line 240 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 575 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxRemove());
 
             
             #line default
             #line hidden
             
-            #line 240 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 575 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                              
                     
             
             #line default
             #line hidden
             
-            #line 241 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 576 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxSave());
 
             
             #line default
             #line hidden
             
-            #line 241 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 576 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                            
                     
             
             #line default
             #line hidden
             
-            #line 242 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 577 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxLoader());
 
             
             #line default
             #line hidden
             
-            #line 242 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 577 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                              
 
             
@@ -864,7 +1855,7 @@ WriteLiteral(@">
                                     '");
 
             
-            #line 252 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 587 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                 Write(Url.Action(MVC.API.UserFlag.UpdateOnAssignmentExpression(Model.UserFlag.Id)));
 
             
@@ -892,7 +1883,7 @@ WriteLiteral("\',\r\n                                    \'OnAssignmentExpressio
 "    </script>\r\n");
 
             
-            #line 281 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 616 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 }
                 else
                 {
@@ -909,7 +1900,7 @@ WriteLiteral(" class=\"smallMessage\"");
 WriteLiteral(">&lt;None Specified&gt;</span>\r\n");
 
             
-            #line 287 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 622 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                     }
                     else
                     {
@@ -926,7 +1917,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                            ");
 
             
-            #line 291 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 626 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                        Write(Model.UserFlag.OnAssignmentExpression);
 
             
@@ -935,7 +1926,7 @@ WriteLiteral("                            ");
 WriteLiteral("\r\n                        </div>\r\n");
 
             
-            #line 293 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 628 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                     }
                 }
 
@@ -965,13 +1956,13 @@ WriteLiteral(">\r\n            <th>\r\n                On Unassignment<br />Expr
 "  </th>\r\n            <td>\r\n");
 
             
-            #line 307 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 642 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 307 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 642 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                  if (canConfig)
                 {
                     
@@ -979,56 +1970,56 @@ WriteLiteral(">\r\n            <th>\r\n                On Unassignment<br />Expr
             #line default
             #line hidden
             
-            #line 309 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 644 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(Html.EditorFor(model => model.UserFlag.OnUnassignmentExpression));
 
             
             #line default
             #line hidden
             
-            #line 309 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 644 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                                      
                     
             
             #line default
             #line hidden
             
-            #line 310 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 645 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxRemove());
 
             
             #line default
             #line hidden
             
-            #line 310 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 645 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                              
                     
             
             #line default
             #line hidden
             
-            #line 311 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 646 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxSave());
 
             
             #line default
             #line hidden
             
-            #line 311 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 646 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                            
                     
             
             #line default
             #line hidden
             
-            #line 312 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 647 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(AjaxHelpers.AjaxLoader());
 
             
             #line default
             #line hidden
             
-            #line 312 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 647 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                              
 
             
@@ -1050,7 +2041,7 @@ WriteLiteral(@">
                                 '");
 
             
-            #line 322 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 657 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                             Write(Url.Action(MVC.API.UserFlag.UpdateOnUnassignmentExpression(Model.UserFlag.Id)));
 
             
@@ -1088,7 +2079,7 @@ WriteLiteral(@"',
 ");
 
             
-            #line 351 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 686 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 }
                 else
                 {
@@ -1105,7 +2096,7 @@ WriteLiteral(" class=\"smallMessage\"");
 WriteLiteral(">&lt;None Specified&gt;</span>\r\n");
 
             
-            #line 357 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 692 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                     }
                     else
                     {
@@ -1122,7 +2113,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                            ");
 
             
-            #line 361 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 696 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                        Write(Model.UserFlag.OnUnassignmentExpression);
 
             
@@ -1131,7 +2122,7 @@ WriteLiteral("                            ");
 WriteLiteral("\r\n                        </div>\r\n");
 
             
-            #line 363 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 698 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                     }
                 }
 
@@ -1152,8 +2143,8 @@ WriteLiteral(" class=\"fa fa-fw fa-info-circle\"");
 
 WriteLiteral("></i>This expression will be evaluated whenever the user flag is removed from a u" +
 "ser. The output of the expression will be shown with the flag assignment.\r\n     " +
-"               </p>\r\n                </div>\r\n            </td>\r\n        </tr>\r\n\r" +
-"\n        <tr");
+"               </p>\r\n                </div>\r\n            </td>\r\n        </tr>\r\n " +
+"       <tr");
 
 WriteLiteral(" class=\"Config_HideAdvanced_Item\"");
 
@@ -1163,7 +2154,7 @@ WriteLiteral(">\r\n            <th>\r\n                Linked Groups:\r\n
 WriteLiteral("                    ");
 
             
-            #line 379 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 713 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(Html.Partial(MVC.Config.Shared.Views.LinkedGroupInstance, new LinkedGroupModel()
                {
                    CanConfigure = canConfig,
@@ -1182,7 +2173,7 @@ WriteLiteral("\r\n");
 WriteLiteral("                    ");
 
             
-            #line 388 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 722 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(Html.Partial(MVC.Config.Shared.Views.LinkedGroupInstance, new LinkedGroupModel()
                {
                    CanConfigure = canConfig,
@@ -1199,13 +2190,13 @@ WriteLiteral("                    ");
 WriteLiteral("\r\n");
 
             
-            #line 397 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 731 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 397 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 731 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                      if (canConfig)
                     {
                         
@@ -1213,14 +2204,14 @@ WriteLiteral("\r\n");
             #line default
             #line hidden
             
-            #line 399 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 733 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                    Write(Html.Partial(MVC.Config.Shared.Views.LinkedGroupShared));
 
             
             #line default
             #line hidden
             
-            #line 399 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 733 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                                 
                     }
 
@@ -1230,7 +2221,7 @@ WriteLiteral("\r\n");
 WriteLiteral("                </div>\r\n            </td>\r\n        </tr>\r\n    </table>\r\n</div>\r\n");
 
             
-            #line 406 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 740 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
  if (canBulkAssignment || canDelete || canShowUsers || canExportCurrent || canExportAll)
 {
 
@@ -1244,13 +2235,13 @@ WriteLiteral(" class=\"actionBar\"");
 WriteLiteral(">\r\n");
 
             
-            #line 409 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 743 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
         
             
             #line default
             #line hidden
             
-            #line 409 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 743 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
          if (canExportCurrent)
         {
             
@@ -1258,14 +2249,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 411 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 745 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
        Write(Html.ActionLinkButton("Export Current Assignments", MVC.Config.UserFlag.Export(null, Model.UserFlag.Id, true), "Config_UserFlags_Actions_ExportCurrent_Button"));
 
             
             #line default
             #line hidden
             
-            #line 411 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 745 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                                                                                                                             
         }
 
@@ -1275,7 +2266,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("        ");
 
             
-            #line 413 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 747 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
          if (canExportAll)
         {
             
@@ -1283,14 +2274,14 @@ WriteLiteral("        ");
             #line default
             #line hidden
             
-            #line 415 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 749 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
        Write(Html.ActionLinkButton("Export All Assignments", MVC.Config.UserFlag.Export(null, Model.UserFlag.Id, false), "Config_UserFlags_Actions_ExportAll_Button"));
 
             
             #line default
             #line hidden
             
-            #line 415 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 749 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                                                                                                                      
         }
 
@@ -1300,7 +2291,7 @@ WriteLiteral("        ");
 WriteLiteral("        ");
 
             
-            #line 417 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 751 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
          if (canBulkAssignment)
         {
 
@@ -1386,7 +2377,7 @@ WriteLiteral(">\r\n                            user6<br />\r\n
 WriteLiteral("                            ");
 
             
-            #line 450 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 784 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                         Write(ActiveDirectory.Context.PrimaryDomain.NetBiosName);
 
             
@@ -1399,7 +2390,7 @@ WriteLiteral(" class=\"code\"");
 WriteLiteral(">user6,smi0099,");
 
             
-            #line 452 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 786 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                     Write(ActiveDirectory.Context.PrimaryDomain.NetBiosName);
 
             
@@ -1412,7 +2403,7 @@ WriteLiteral(" class=\"code\"");
 WriteLiteral(">user6;smi0099;");
 
             
-            #line 453 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 787 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                     Write(ActiveDirectory.Context.PrimaryDomain.NetBiosName);
 
             
@@ -1439,7 +2430,7 @@ WriteLiteral(" method=\"post\"");
 WriteLiteral(" data-overrideaction=\"");
 
             
-            #line 459 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 793 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                 Write(Url.Action(MVC.API.UserFlag.BulkAssignUsers(Model.UserFlag.Id, true)));
 
             
@@ -1450,7 +2441,7 @@ WriteLiteral("\"");
 WriteLiteral(" data-addaction=\"");
 
             
-            #line 459 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 793 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                                                                                                           Write(Url.Action(MVC.API.UserFlag.BulkAssignUsers(Model.UserFlag.Id, false)));
 
             
@@ -1463,7 +2454,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                    ");
 
             
-            #line 460 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 794 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(Html.AntiForgeryToken());
 
             
@@ -1522,7 +2513,7 @@ WriteLiteral("            <script>\r\n                $(function () {\r\n
 "g\');\r\n                            $.getJSON(\'");
 
             
-            #line 525 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 859 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                   Write(Url.Action(MVC.API.UserFlag.AssignedUsers(Model.UserFlag.Id)));
 
             
@@ -1560,7 +2551,7 @@ WriteLiteral(@"', function (response, result) {
 ");
 
             
-            #line 554 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 888 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
         }
 
             
@@ -1569,7 +2560,7 @@ WriteLiteral(@"', function (response, result) {
 WriteLiteral("        ");
 
             
-            #line 555 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 889 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
          if (canDelete)
         {
 
@@ -1597,13 +2588,13 @@ WriteLiteral(" class=\"dialog\"");
 WriteLiteral(">\r\n");
 
             
-            #line 559 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 893 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 559 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 893 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                  using (Html.BeginForm(MVC.API.UserFlag.Delete(Model.UserFlag.Id, true)))
                 {
                     
@@ -1611,14 +2602,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 561 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 895 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 561 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 895 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                             
                 }
 
@@ -1633,13 +2624,13 @@ WriteLiteral("></i>\r\n                    This item will be permanently deleted
 "covered.<br />\r\n                    <br />\r\n");
 
             
-            #line 567 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 901 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 567 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 901 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                      if (Model.CurrentAssignmentCount > 0)
                     {
 
@@ -1649,7 +2640,7 @@ WriteLiteral("></i>\r\n                    This item will be permanently deleted
 WriteLiteral("                        <strong>");
 
             
-            #line 569 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 903 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                            Write(Model.CurrentAssignmentCount);
 
             
@@ -1658,7 +2649,7 @@ WriteLiteral("                        <strong>");
 WriteLiteral(" user");
 
             
-            #line 569 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 903 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                               Write(Model.CurrentAssignmentCount != 1 ? "s are" : " is");
 
             
@@ -1671,7 +2662,7 @@ WriteLiteral("                        <br />\r\n");
 WriteLiteral("                        <br />\r\n");
 
             
-            #line 572 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 906 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                     }
 
             
@@ -1712,7 +2703,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 602 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 936 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
         }
 
             
@@ -1721,7 +2712,7 @@ WriteLiteral(@">
 WriteLiteral("        ");
 
             
-            #line 603 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 937 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
          if (canShowUsers)
         {
             
@@ -1729,14 +2720,14 @@ WriteLiteral("        ");
             #line default
             #line hidden
             
-            #line 605 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 939 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
        Write(Html.ActionLinkButton(string.Format("Show {0} user{1}", Model.CurrentAssignmentCount, (Model.CurrentAssignmentCount == 1 ? null : "s")), MVC.Search.Query(Model.UserFlag.Id.ToString(), "UserFlag"), "Config_UserFlags_Actions_ShowUsers_Button"));
 
             
             #line default
             #line hidden
             
-            #line 605 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 939 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
                                                                                                                                                                                                                                                               
         }
 
@@ -1746,8 +2737,9 @@ WriteLiteral("        ");
 WriteLiteral("    </div>\r\n");
 
             
-            #line 608 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
+            #line 942 "..\..\Areas\Config\Views\UserFlag\Show.cshtml"
 }
+
             
             #line default
             #line hidden
diff --git a/Disco.Web/ClientSource/Style/Config.css b/Disco.Web/ClientSource/Style/Config.css
index a9c33cdb..582773af 100644
--- a/Disco.Web/ClientSource/Style/Config.css
+++ b/Disco.Web/ClientSource/Style/Config.css
@@ -1960,6 +1960,23 @@ h1.Config_DocumentTemplates {
 #Config_DeviceFlags_BulkAssign_AssignDialog.loading > form {
   display: none;
 }
+#Config_Flag_Permissions #Config_Flag_Permissions_Inherit_Container {
+  margin: 5px 0;
+}
+#Config_Flag_Permissions .tableDataContainer {
+  min-height: 260px;
+}
+#Config_Flag_Permissions .tableDataContainer td i.remove {
+  float: right;
+  cursor: pointer;
+  visibility: hidden;
+  color: #e51400;
+  font-size: 1.4em;
+  opacity: 0.8;
+}
+#Config_Flag_Permissions .tableDataContainer td:hover i.remove {
+  visibility: visible;
+}
 #DocumentTemplate_BulkGenerate .actions {
   padding-bottom: 0.5em;
   text-align: right;
diff --git a/Disco.Web/ClientSource/Style/Config.less b/Disco.Web/ClientSource/Style/Config.less
index cf861e45..12fad0f7 100644
--- a/Disco.Web/ClientSource/Style/Config.less
+++ b/Disco.Web/ClientSource/Style/Config.less
@@ -2354,6 +2354,33 @@ h1.Config_DocumentTemplates {
     }
 }
 
+#Config_Flag_Permissions {
+    #Config_Flag_Permissions_Inherit_Container {
+        margin: 5px 0;
+    }
+
+    .tableDataContainer {
+        min-height: 260px;
+
+        td {
+            i.remove {
+                float: right;
+                cursor: pointer;
+                visibility: hidden;
+                color: @StatusRemove;
+                font-size: 1.4em;
+                opacity: .8;
+            }
+        }
+
+        td:hover {
+            i.remove {
+                visibility: visible;
+            }
+        }
+    }
+}
+
 #DocumentTemplate_BulkGenerate {
     .actions {
         padding-bottom: .5em;
diff --git a/Disco.Web/ClientSource/Style/Config.min.css b/Disco.Web/ClientSource/Style/Config.min.css
index b53aa467..f5803bdb 100644
--- a/Disco.Web/ClientSource/Style/Config.min.css
+++ b/Disco.Web/ClientSource/Style/Config.min.css
@@ -1 +1 @@
-.tableData{border:solid 1px #f4f4f4;border-collapse:collapse;}.tableData>tbody>tr>td{border:solid 1px #f4f4f4;background-color:#fff;}.tableData>tbody>tr:nth-child(odd)>td{background-color:hsl(0,0%,98.5%);}.tableData>thead>tr>th,.tableData>tbody>tr>th{background-color:#f4f4f4;border:solid 1px #f4f4f4;}.tableData>tbody>tr:hover>td{background-color:hsl(0,0%,97.5%);}.tableData>tfoot>tr>th,.tableData>tfoot>tr>td{background-color:#f4f4f4;}.tableDataDark{border:solid 1px #d8d8d8;border-collapse:collapse;}.tableDataDark td{border:solid 1px #d8d8d8;background-color:#fff;}.tableDataDark th{background-color:#eee;border:solid 1px #d8d8d8;}.tableDataContainer{background-color:#fff;}.tableDataVertical{border:solid 1px #f4f4f4;border-collapse:collapse;}.tableDataVertical>tbody>tr:nth-child(odd){background-color:#f4f4f4;margin:0;padding:0;}.tableDataVertical>tbody>tr>th.name{width:170px;text-align:right;}.tableDataVertical table.sub>tbody>tr:not(:first-child)>th,.tableDataVertical table.sub>tbody>tr:not(:first-child)>td{border-top:1px dashed #aaa;}.tableDataVertical table.sub>tbody>tr>th{font-weight:normal;text-align:right;}.tableDataVertical table.sub>tbody>tr>th.name{text-align:right;}.icon16{display:inline-block;height:16px;width:16px;margin-left:2px;cursor:pointer;}.subtleUntilHover{-moz-opacity:.3;opacity:.3;}.subtleUntilHover:hover{-moz-opacity:1;opacity:1;}#updateAvailableContainer{float:right;border:1px dashed #ddd;background-color:#fff;font-size:.6em;line-height:1em;padding:10px 10px 4px 70px;text-align:right;height:50px;}#updateAvailableContainer i{position:absolute;display:block;height:64px;width:64px;vertical-align:middle;margin-left:-70px;font-size:50px;color:#e51400;}#updateAvailableContainer button{font-size:12px;margin-top:8px;}.Config_HideAdvanced .Config_HideAdvanced_Item{display:none;}.Config_LinkedGroup_Instance{margin:4px 0 8px 4px;padding:4px 0 4px 6px;border-left:4px solid #ccc;background-color:#fff;}.Config_LinkedGroup_Instance div.code{margin-left:2px;}#Config_LinkedGroup_Dialog h3{margin-bottom:6px;}#Config_LinkedGroup_Dialog table.input{margin-top:12px;}#Config_LinkedGroup_Dialog table.input th{text-align:right;}#expressionEditor #expressionEditorExceptionContainer{display:none;border:1px dashed #ff9696;background-color:#ffd8d8;margin:10px 0;padding:10px;}#expressionEditor #expressionEditorContainer{border:1px solid #1e6dab;background-color:#f4f4f4;height:100px;}.expressionTree span.dynatree-node span.dynatree-icon{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAAAQCAYAAACm53kpAAAGFklEQVRYw+WVe1BUVRzHvwE+QE0ZLF1Y3gTGSxIl4rk85KHFe0cUiIc8IjNx8gUmLJAFpbIKKJmmCSOi4q48zAe6LqAoioiIMlpOqYWxKCroWFNzO2eXXRdYCBqmf/rNfPece+6598738/ud3wJjHPV8WNwphoSO+L+F3HznWaTVbcGDsYQggkhjJPucWIhcGYYP5xnAKnkh0n1skcGxRobzLGx0MsYmR2MUO5qBMzEAiXhvxmLZU94tq/rJqzUV3q08zL+ei/lt+fC9sRt+N0vh334U/rdOYMEtMRnPqzL/4CxSu46jQFIJgSoI93FfZ7Tmi1FsVoSitWuwhv1Pe51ZcO0+g0BHNkqYH7BVrueXsPlhDYou7cYhrh2OOCzCdhQg7SWAcCYK4X/GIPyPBHBfJIP7fAWCe1chuGc9Qp5kIfhRDgIfbkHQo0IESnaCI74yKPNnkNZ5HPldxLxEiEuSw7i7fgl65BCo+Soc2zkaCHLzZSgLpeM2bBsWAscSM90McID5GTuy41BKzfdexOYn51Ao+R5lvwpR9bsAP65chr0z+TijqgLWw7dtI/zatsoy315GVA2/WyJp1uVyr7k6oOxT5ea7BGgk5u+pMt+N7pCRQtiP/VbUdA1qPLrxNLgFrR/T6wLsMlRscj+bpZAdn+tph5SeBvDi/HGYQjCfjObHtdj+8CRKOwQQ/XIIVyT78GhRFAQ6n6NJ9hKrZeGKF3IZdXDIefO/PQH2l7UQUD8FLnXaZG060Uy8c14PnAYjsJwa6Xb5me86KSv7LpL5riEyT8334FmSCOK8T7D6mrLZjhaEpacjFKzxoTAOWE2W1KhZUgFBj9ETRp+juozmFXQ9D3ksBYBIJgJOe32o+S4xPp1riKqGPdho+BrKKQQWxtXe3IMm8SbcFeWi8zMuJDPsIdLNxg3Z1y2TImUTRk1m/tiEoA78NlDwJOZd6gxg/r6/HAA1WZSCJ5IqCKVlL8BVah4Gvny5TuF0/kDzI6mADcgQfIEcfjOuLXmKZ/H0eTImilGfFI3Yo2SLuhSAV5MfNX9hH1Kpeeh4rHEwQnXjN/hWG69WMBfxk/F0dKpD84W1If4y0oJQ3Q779Xno6AMQG0vMvwKTwHUwWpgJQ/+vpIbJolzSa11XMdhuF5QBKEPoKsc9OioaHwXQVwE7satOlXma+RqhLPseC0gFsNVDYeCQRO/xkCkUQLjtJYTemFa0xcUjsTwa0S1kyzjoe7rRvW5u0Hcxw3d2s2BEr+cYw5VCaNqOFu1x6B0PtWJomyTLvzvRHxFTQ3FPdmUekaAq44MqwE1sTPTGQADKEPp1/T4AcgjUvCHIO0YYPGSVC1FRWI1qfg5y8w6hPGkpEk6kI6MuDnH9ADA8aFApHj54UB3qk0M9zUijM42yRgTDxiSdE6q/ZLYoWTnj0rmhTyH0vfaQD5RBn1MBPfeTJPu10HNpgFVK2EAAcgj9FpQA0JCaj68tQbyIPfD8C0sRFvcBQlnWCAHbdqnsCGyYRyAIjqKyoAKVW2MQ25yJzLoVSGkk82sc8ncO9nz3QQB4PDUsJz0soH0KFt+ZIVU0Yzo0AFPuR4OyLW16jaTpndaDH2l6nPNmcK63gHOjFWanRaoCMCiUAVDT1HwWkwiPYzUDIQxdBTzbLGQLDqCsiGZ9LdY1RCPmeglKLKUb9H1dZUmMipKKIUdZPldWFPPmsABId9eESbCiB8DQuxAGpAL0PA7A85yptAJoD6AVMFoAyuaXX8+Wzu2/ZkZ6FHKRa0ErIRZLmyMR2c4H31ZxU9+n/xE4SP7FSBNHkGgaQm6wwG03RsRNG8Qxs4cHYNsyCd6npsLrog6czr1Osq0Lb9LxXepMiMzhdcGSyBauDXNGBYBKlfkRVoA88pFvswQRt7OQZd/vRh8ARaa5zHjVFfBs7vAAqHldZwuwA21gnjAPs9e64C2eNxy+fBeOeSFw2hGu0EgBKJe/077Gf2t+2DAKfLtfBTCMpkJHGB3wGANkMJbIYWyGB0ANjVajCWp6rM3T0Ji2ifxUQV2rQqHxU4i0KomqoKHZN06sGhrAfxVjbX4M4m/gZza+uQwOHQAAAABJRU5ErkJggg==);background-position-y:0;}.expressionTree span.dynatree-node.object span.dynatree-icon{background-position-x:0;}.expressionTree span.dynatree-node.parameter span.dynatree-icon{background-position-x:-16px;}.expressionTree span.dynatree-node.function span.dynatree-icon{background-position-x:-32px;}.expressionTree span.dynatree-node.property span.dynatree-icon{background-position-x:-48px;}table.expressionsTable{border:solid 1px #f4f4f4;border-collapse:collapse;}table.expressionsTable>tbody>tr>td{border:solid 1px #f4f4f4;background-color:#fff;}table.expressionsTable>tbody>tr:nth-child(odd)>td{background-color:hsl(0,0%,98.5%);}table.expressionsTable>thead>tr>th,table.expressionsTable>tbody>tr>th{background-color:#f4f4f4;border:solid 1px #f4f4f4;}table.expressionsTable>tbody>tr:hover>td{background-color:hsl(0,0%,97.5%);}table.expressionsTable>tfoot>tr>th,table.expressionsTable>tfoot>tr>td{background-color:#f4f4f4;}table.expressionsTable td.parseError{background-color:#ffd8d8;}#AttachmentType_FilterExpression{width:375px;}#deviceComponents{border:solid 1px #f4f4f4;border-collapse:collapse;}#deviceComponents>tbody>tr>td{border:solid 1px #f4f4f4;background-color:#fff;}#deviceComponents>tbody>tr:nth-child(odd)>td{background-color:hsl(0,0%,98.5%);}#deviceComponents>thead>tr>th,#deviceComponents>tbody>tr>th{background-color:#f4f4f4;border:solid 1px #f4f4f4;}#deviceComponents>tbody>tr:hover>td{background-color:hsl(0,0%,97.5%);}#deviceComponents>tfoot>tr>th,#deviceComponents>tfoot>tr>td{background-color:#f4f4f4;}#deviceComponents tr th.actions{width:20px;}#deviceComponents tr input.description{width:300px;}#deviceComponents tr input.cost{width:75px;}#deviceComponents tr i.remove{font-size:1.6em;color:#e51400;cursor:pointer;opacity:.8;}#deviceComponents tr i.remove:hover{opacity:1;}#deviceComponents tr i.fa-list-alt{color:#1e6dab;font-size:1.6em;cursor:pointer;}#deviceComponents tr i.fa-asterisk{color:#fa6800;font-size:1em;left:10px;top:3px;cursor:pointer;}#deviceComponents tr input.updating{background-position:right center;background-repeat:no-repeat;background-image:url(data:image/gif;base64,R0lGODlhEAALAPQAAP///zNah+Hm7dng6O7x9DddiTNah1d3nJqtw3+Xs8fS3k5vlm6JqaGzx4KatcrU4FFymDZciHGMq+ru8t/l7Pb3+V9+oeLo7vT2+MTP3LLB0dTc5fHz9gAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh/hpDcmVhdGVkIHdpdGggYWpheGxvYWQuaW5mbwAh+QQJCwAAACwAAAAAEAALAAAFLSAgjmRpnqSgCuLKAq5AEIM4zDVw03ve27ifDgfkEYe04kDIDC5zrtYKRa2WQgAh+QQJCwAAACwAAAAAEAALAAAFJGBhGAVgnqhpHIeRvsDawqns0qeN5+y967tYLyicBYE7EYkYAgAh+QQJCwAAACwAAAAAEAALAAAFNiAgjothLOOIJAkiGgxjpGKiKMkbz7SN6zIawJcDwIK9W/HISxGBzdHTuBNOmcJVCyoUlk7CEAAh+QQJCwAAACwAAAAAEAALAAAFNSAgjqQIRRFUAo3jNGIkSdHqPI8Tz3V55zuaDacDyIQ+YrBH+hWPzJFzOQQaeavWi7oqnVIhACH5BAkLAAAALAAAAAAQAAsAAAUyICCOZGme1rJY5kRRk7hI0mJSVUXJtF3iOl7tltsBZsNfUegjAY3I5sgFY55KqdX1GgIAIfkECQsAAAAsAAAAABAACwAABTcgII5kaZ4kcV2EqLJipmnZhWGXaOOitm2aXQ4g7P2Ct2ER4AMul00kj5g0Al8tADY2y6C+4FIIACH5BAkLAAAALAAAAAAQAAsAAAUvICCOZGme5ERRk6iy7qpyHCVStA3gNa/7txxwlwv2isSacYUc+l4tADQGQ1mvpBAAIfkECQsAAAAsAAAAABAACwAABS8gII5kaZ7kRFGTqLLuqnIcJVK0DeA1r/u3HHCXC/aKxJpxhRz6Xi0ANAZDWa+kEAA7AAAAAAAAAAAA);}#organisationAddresses{font-size:.9em;}#organisationAddresses tr:not(:last-child){border-bottom:1px dashed #aaa;}#organisationAddresses th{padding:2px;font-weight:600;width:200px;}#organisationAddresses td{padding:2px;vertical-align:middle;}#organisationAddresses tr:nth-child(even){background-color:#fff;}#organisationAddresses i.fa{font-size:1.7em;cursor:pointer;}#organisationAddresses i.fa.delete{color:#e51400;opacity:.8;}#organisationAddresses i.fa.delete:hover{opacity:1;}#organisationAddresses i.fa.edit{color:#1e6dab;}ul#loggingEntries{overflow:auto;max-height:230px;padding-left:20px;}table.deviceProfileTable th.name{width:300px;}table.deviceProfileTable th.type{width:120px;}table.deviceProfileTable th.deviceCount{width:120px;}#configurationDeviceProfileShow #displayComputerNameTemplate{margin:0 0 6px 0;}#configurationDeviceProfileShow #displayOrganisationalUnit{margin:0 0 6px 0;}#dialogComputerNameTemplate #ComputerNameTemplate{box-sizing:border-box;height:48px;width:100%;font-family:Consolas,"Courier New",monospace;}#dialogOrganisationalUnit .enforceOrganisationalUnit{line-height:2.2em;}#dialogOrganisationalUnit .organisationalUnitTree{height:380px;}#dialogOrganisationalUnit .organisationalUnitTree span.fancytree-node{padding:1px;border:0;}#dialogOrganisationalUnit .organisationalUnitTree span.fancytree-node>span.fancytree-icon{background:none;display:inline-block;font-family:FontAwesome;font-size:1.2em;width:14px;}#dialogOrganisationalUnit .organisationalUnitTree span.fancytree-ico-ef>span.fancytree-icon:before{color:#1e6dab;font-size:1em;content:"";}#dialogOrganisationalUnit .organisationalUnitTree span.fancytree-ico-cf>span.fancytree-icon:before{color:#1e6dab;font-size:1em;content:"";}#dialogOrganisationalUnit .organisationalUnitTree ul.fancytree-container>li>span>span.fancytree-icon:before{color:#fa6800;font-size:1em;content:"";}#dialogOrganisationalUnit .organisationalUnitTree span.fancytree-node.fancytree-selected{font-style:normal;background:none;}#Config_System_AD_SearchScope_Dialog_Loading,#dialogOrganisationalUnit_Loading{text-align:center;padding:40px 0;}#Config_Expressions_Browser{padding-right:275px;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAA6BUlEQVR42u19XZPcxnX2cwDM7FKkZIUph6JykcR2uWzKJdJSyqlKLIl59WU78aXzC3KVm1ynKlf5HclFKjepsuutKBU7ViL5ZSw5CcXQUtmhaFESRZpcLj+X3M/5Avq8FzPANBoNoAE0MLO7fVTUzjQwGACD53w85/RpYmY4ceLkcIrnboETJ04BOHHixCkAJ06cOAXgxIkTpwCcOHHiFIATJ06cAnDixIlTAE6cOHEKwIkTJ04BOHHixCkAJ06cOAXgxIkTpwCcOHHiFIATJ06cAnDixIlTAE6cOHEKwIkTJ04BOHHixCkAJ06cOAXgxIkTpwCcOHHiFIATJ06cAnDixIlTAE6cOHEKwIkTJ04BOHHixCkAJ06cOAXgxIkTpwCcOHHiFIATJ06cAnDixIlTAE6cOCmVoGyH7//g//6/v/27v4XvB/A8wPcCBIEPogBeQCAi9Hwf5PXR7/nwfIIf9NEPfPi9/pkjK/0PQB6YBYgInkcAPLCIAPIBIrAIQb4HCAFQD/AEfAaE7wGRAMMDEMH3PHAkwOyB2QP5DGYGMYFJgCMGfMAjgAGwEGAhQOSBCPCIIAQAMIRgIPBAACAAQQwIwPd9gAlhxPDAECTgeQARATz9PsGMYHbuRIwoigB48AMPIhJgAjgCmAUCHxAcgEhAsAePp+OiR8AkBIjQ8zwIIQDPAzMgIgGPpufNIMAnsCD4AAACBwwPHogBAkF4Aux5AHkgZviRmH6GGQQCaPa9PjAZjeD5Plj48BCCGfA8QigiCDH9PHMEDjwgihAy0ANhPBYIeoyxEBBjAd9jRBHAFGHMDEwmIA5AxBAeg8MQghns94GxAFaA6cUJQHjwKQB6AqEQCISA8HoIGPB9giAGMWMCIBA+gB68I4yIGR4zViiAEAL02ApoPEbEjMf6j2E0YtBjABMBAI4CCMM+6DEA3vR6jhABCCCC6W8aCAHf9xFFK6CjBMGMY0SIogie1wewAvhDHDtyJGU3I2L0iHDs2LHpfSYPAtPzjqIIe3t72Nraw3jFBwYDRKMRwjCEEALDMETEjBUiCCEwmUwQAeAomj6PAJgZkzDESr8/feamDy48z4PnTe329Lyj5HUQBMm2P/uzPwMz4/Tp039chG9i5kIF8NZPfsIeeckXT/8RyPPh0/Tv9L0H3/NARPB9H0QePJ8Q+AHiq6L51yrvZ+8oc3qaYSraNTOoG9MMTgFuNAajb5kOkWbIdExzOORtUO5n7pjmbEl71Nzv0X9WdxAquY6i79Ef03ws93HX7Jczpr03VHC/5sI8BTCzQIwvIabGg8GJIZH/xaAX8XvNPtPdpspA/gznHE8IgS9/+cvUyAN49PDRFPS+D3+mAHzfnysDZZxovt33PfR6vRqArgJ8PciJTMaqAL+KgmgCfA3UK4G8CvBrjJWATw/8grHaIM8DfhHIGeD5GOvGpmYR0p+pF0azrZmx9DUxJCAKGZQieS1koPIc0Oo/kfd5IVIgz1MCsdfQSAGASAEZSePy40YJyOJ/89vjgF8OcovApwL/5FAC39ziN35GJYeapVOVHW35syz99jSz6DpvM/X52YZp6EHSPqx93UwBSDeJiDQ/xuziSX76aH4BGaAePuAXg7wm8EnzCDcFPlUH6X4EPmniH2vPqPx7xm56HsjjMWm/PEDnjetDEDZWAkE5+CkTm8X/pW8epfGfEz8dVOBXB7kB8AtBXhP4hSA/OMAvjttbAH48JlvhHGVANA015mMZn6AQ9LrxKqCvGAJAcfXlMUp5AdKfGftMDvhlY5VBbgB8sjHmgF9njHPoTVb8eZL2zXP1855FFeQ68LMtBUA6V1/x9omU/WRmgIpuIBUkAJYH+EQFXLwDfufALwX5AoBfarVTNp5Sj0QTV1+3j5xFsMIBSJwflIA/m9pLFEI2FrAHfIKGX2sI8qKUX12QF6X3FgX8vCxBE+BXO6bJWC2Qtw788ufWBMxz4Ntz9bki+WfuAZD8CM1vSBocBMqQIakIoAbwdSBvBvzquf66IG8K/DxvoQnImwK/5LxrgTybvG8OfIJmU+vAL6PuTS17VVc/Ab+hxa/hAVDG1U+drJzyS+cApZ+4O+A3j+91ALRR0GMC8kUDv4ZXUgvkTYGv8xaaAt+Cp0qUJgENyL0yhaAW92S2FREHdhRA1jiQBHLS/JCUihnyUyXLBXw7xTv1QF4F+E0LguwD3xzkVYBfAPLawDcFeXWLryUBDci9IldfC3pVaTQAvzEJKLsAlLpgyhQE+X4wqwQkBIGPfj+QgDwvKqLUzSOQh/R+s78ySJJwhNL7pvaRPJOUD6IdS59DShno9lUfUkp7OHPHJ32PUp4FZcMJKvCGVIVIVG6JTBVfkfUpsyymlodTqKj2sDKgtaGpMdYDlVFcrosUD28A/Bx3UXfv5Uq8+L06nir/lar5gGl1X1zTH1fzxZ9HmTdg3QMgklh+DeGHecrv/oN7ePen78wmCxE8z0MQBHPQzxTIXBHElYOxYom3Q7uP9jPSWNl2khWYfC7IbouVHRnsq92m/ax0Lbpz8ry5AjP9ntQxDa4rJ6as8zquTa+yX6PvU2JddUxHlOW+1h0r57XOFS/aXlannzsPoKCsl5kxGo3wp3/6p3jqqaeseQOB+a6UJgbVqj8Ak/EYt26t4cGDB5kyRSdOnNQTZsZ4PMYTTzyB4XBYSvxxQQhRkwSMyT5KA5+U9CAIvV4PJ0+exObmJq5cuYL79++7X9CJdYmBcNDlwYMH+JM/+RP85m/+ZuK5FIVfcZhgzQPwPIJHNJtTP/3reVO30ovdzdkU4XiGIBHh+PHjuH//PtbW1tzT6sRJBZE95xMnTuCJJ56Ye9QagLP8TxNeNPcAkKr9SZ2ojgSR487f/u3fxne/+11z8umQjbt74e7RYDDApUuXsLGxUagQOAf4SfzfSilwpvw3TTrFWyinJNc9/O7hd/cof/zWrVv41a9+hTAMjTyDRBnIYYAC/IQfsKEAUjwAdFN7SZkKDGs/knvI3T06qPdoMpng0qVLuHv3bqXwgHPAn/EGCniCagpALfBRmn+kwoScG5BX0ugefqcgDuO9uHv3Li5dumRk9TUH0nIAqJkKNJwNKLn6mrkAJNf9KxyA+8EdKNy9mFv9q1ev4te//nUlQlDHAbCBN2ApBJAqAFWLT3mz9EhbA+AefncvDus9evjwIT788EMMBgPUlVT8X+YNGKYDDUuBlZNQSEBSK/ZKbo4DhbsXh+keXb16FVevXoUNycT5edyArRBAtex5WinvvXv4nYI4rOPb29u4fPkytre3G4E+FQJIlp11Vl9VFM1JQErP8JXi/3QmUF+3btKp1D38TkEctPEbN27gypUrsCm6NKDO6vPMHTBxBoJ62ogyIYA+YGg3C+AefnePlm18OBzi8uXLePjwoXXwa0uBVW+g4sxLs7bgcQPQzLx30oYAy5IFcA+/u0ddjq+vr+Pjjz+ul94zJgHyiD8d+G2QgJSdCKwCXAf6ql1P3Li7R/v1Hk0mE1y+fLm1iW/5vRzkfgtVkn91QgBpnrsu7tfFKbob5x5+pyAO0r24f/8+Ll++3K7VzwG/bP7r9gUy8gCIyjWSvJ9JCOAefqcg9vO9CMMQn332GW7evNk62OWuQnPwzy2+ucNf2wNINwNRlYBMAhZ1nan6Q+mUTt6Ch+7hd/eiq3v06NEj/OpXv+qkJ4GcWeO02ZcIwbT3b7kSUB/36yx9Xm+6qiFAUQsr+ZhVPAv3kLt7ZGP82rVruHbtWqfuvppOz4T9Euyrtl80IwEzjSkpUxeQ6qPXIASQvzduMBJbfnnJY7XRonv4nYJoc3xnZwcfffQRdnZ2sCiJ1xRME38atCdpAYshABFp1gXQt9Sue+Nly+95Hnq93qzDsAchBIQQmEwmKSVQFmq4h98piKbjN2/exKeffrpY4LPi3yfWPgf8hm6A4cpA6XhA7QMovyrzAMpufPzZXq+HZ599Fi+88ALee+89XLlyBWEYYjKZJH+jKEoUQ9n3uIffKYiq48PhEFeuXMGjR4+waJkrgTLij+1zABpGIAP8TL1wyU0uWx7J9330ej2cPn0ap0+fxqNHj/A///M/+MlPfoLxeIzRaITJZJIogiiKUn3XF6UInII4GPdobW0N169f7zy9Z0IIFqX9q5YEBIbfrKwRKPMD6VWCVA+gahYg/myypsBMnnzySbzyyit45ZVX8Pbbb+ODDz7A7du3MR6PMR6PE88giqIUSZjnFbiH3ykCnYRhiI8++ggPHjzAMkkmDFCIvyw3YKYBDKYDp+v8SVcQBGjHyuLzon3yegoAwMsvv4yXX34Zly9fxvnz53H58mWMRqNEGcSKQA4N8rwCBwqnIGJ58OBBEmouv2hMP7cUAqhLeaXGlaahuhReFTdct3xSnnz1q1/FV7/6VTx69AgXLlzA22+/nSiC0WiUKIIoihINGnsIThE4BSFb/atXr+LOnTtLCfVsGjDf77eeBlSZQMoohOwikqoSqOL+A0AURQnRZyJPPvkkXn31Vbz66qt466238P777+P27duJMtCFB1ULipyCOJj3aHNzEx9//PHSLzQix/+sof0yJQGGSsCoH4Bs8eWmgFJ70HnXYE0WoMoPFS+oGIYhfvGLX+Af/uEf8Nxzz+GZZ54xulExT/Dhhx/i/PnzuHTpUuIRyOEBESUZhDZLlZ2CWN7xq1ev4tatW0vv7OvTgCgAfUYlNOEA5i2/NJMCNF2Dy3+AvB8kBj8AjMdjAMB//ud/4uLFi/iN3/gN/NEf/RG++c1vYnV1tfTCTp06hVOnTuHRo0d477338NZbb2E0GmE4HCYeQRiGiRKQ04nOOh7sa97d3cXHH3+M3d1d7CeZG1Vl8k/OxCA7HECG7NP0AZgXAWizAFV/KDmlF0URJpMJRqMR/vmf/xlvvvkmnn/+efzBH/wBfu/3fs8oPHjttdfw2muv4d///d/x/vvvY21tLQkNZGUQewWHySM4bArixo0blbryLgPo06E05xB/EgdgOw04XxFI6Q2QpAZ1i4bU+6HiEt8YiDEfMBqNEAQBhsMh3nnnHbz33nt46qmn8PWvfx2vvvqq0c2MeYIPP/wQH3zwAS5cuKDNHsQZBKcIDo6CGI1G+OSTT7C5uYn9KimjqyH+UkWAtjoCqXMBYrJPXgqEkF0XoE4IIKcC5bhH5gXG43GiCHZ3d3Hjxg28+eab+OY3v4nTp08beQVxePCd73wH58+fx5tvvpkiDGXSUE0nuvh6/ymI9fV13LhxY5+k90zJQNbNBUpts8IBxLBPr/5FCQmYQj/0HYHq/IByPUD8OibvwjCE53nwfR+j0QiDwQD/9m//hnPnzuHkyZN47rnnjLyCJ598Eq+//jpef/11/PSnP8XPfvYz3Lp1K+MVxNWGOm/FxdfLey/CMMQnn3ySu+jmfgN+qiegJvbXsAOWSMDE3yetMiCkVwuyuTCIrAjiMdkjmEwmiSIIggB7e3u4ceMGfvzjH+PVV1/F6dOncfLkydIb8eKLL+LFF1/EpUuX8P777+P8+fMYDAYYDofJOcQWxE04Wn4FsbGxgU8//fTAWP3MNWuIP9amBxqTgMgy/UlYkPUCyoBf9wdXZw3GYzqPIAgC9Ho9vPHGG/jxj3+ML3zhC/j617+OF154ofRyn3nmGTzzzDP4zne+g5/97Gd44403MsVEjmhbXgURhiGuXbuGe/fu4SBJogTyiL8CbsBCCKDz8ikdEkDfEKSN+fpqeBCn8GKQxnH8cDhEr9fDL3/5S3z00Uf4p3/6J7z22mt49tlnS72C48eP47vf/S6EEPjBD36AyWSSkJOOaFvO8a2tLXz66acYjUY4iDI1rjnEH2dYQJshgDIDkJBaErxscdC2Hn51nzg0iJWB53kJcRj/+5d/+Re8/fbb+NrXvpbMNCwS3/cRBAE8z9NOMHJE23KMX7t2Dbdv3z6wwGftMuAq8Ve9K6DZ4qCAkuyTXikLhpb9aG09CHLmQAiRAqxsteNQ4aOPPsLNmzdx7tw5/OVf/mXhzT9oKxwdJEWwt7eHTz/9FHt7ezjoQiSl2lluCaLrCgBbpcBSjJ9T9UcyMYhuuwKr4UA8lTgei6cVx7xAr9dDEAT48pe/jDNnzpR6AHEtQtn0YkfAdT++trbWSVfepSMBdeBnHT9oJQ2owD09G2hWIiyHA/kNPW0/CHkLlMSgj933Xq+HlZUVrK6u4vXXXzfODMSkklwY5JY6W/w5jUYjfPbZZ9ja2sJhkXQaML8HYNUgwHAuQLoNWGLvVUXQUQigZgE8z0u6CMXg7/f7CfC/+MUv4rnnnsNLL71kfGM2Njbw7rvv4o033kjqAXStx5wi6Pa7b9++jbW1tdS07kMpEvGXqf63WgqsdgTWMANz11/v/tvKAsgSgz4Gfuzm9/v95N+3vvUtnDlzBk8//bTxff3f//1fXLx4Ef/93/+NwWCAvb09jEajVEWgI+C6VxDxQhy2F93cd2FAGfFXkRQ0CgFItvCSO6CrC7D9IOStQaiL7fv9Pp5++mn8/u//Pr71rW9VusHnzp3DO++8g7W1NQyHw1RTkfhfHvnoFEG7CuLhw4f47LPPDqXVz1tvMw/cVbMBRiFAarZfmgJIj1HzrsDqxTJzYu1jBl+N7VdWVvDSSy/h9OnT+NKXvlTJzf+v//ov/Ou//itGo5G2gYg6F8Ax8d2Nh2GIGzdutLbo5n4kAVMAZ5kUhH6KsJ0QgLLKQI78SUMWorgjUNHDEF9wvDCIHNvHln5lZQVPP/00nn/+eXz729+udEN/+ctf4uc//znOnz+fAF+29vIiJHlxv2Pi2x3f3t7GtWvXDmxRT11FkEkD6vJ9sUKwwQGQtvY/TQJSqkDIbGWgIoIvjvHjxUHifysrK+j3+/jGN76BP/zDP6xk7QHgRz/6ES5evIibN29mZv+p04DVYiNHwHU3fuPGjaXtz7fIMEDuCqQl/hAvGW6xK7DK9JPiGZBcHFBGXBo+CDH4+/0+VldXsbq6iuPHj+Oll17C2bNnceTIkcpu/o9+9KPE0k8mE4zH4wT0cZ5fJvn2e8/A/agI9vb2cP369UNR1FNX8qr85xbfcilwJsWnTgQCsv0BSjoCmawLGAQBjhw5ghdeeAHf+MY38Oyzz1Z2899991384he/0Mb3spuvs/iOgOt2fH19fV/051s6bYDMWsHQvW1GAqKIBJyXByeLhNZ8EOTwIQgCnDlzBn/+539e2c2/cOFCis1XST1d2/FldfUPuoIYj8e4fv06tre3HaANwoD5vYPeF2A5DLBFApJK+MljhExDADRTBDLbX8XN/+EPf5ix9nFLMXV14SI33ymCbr7j7t27WF9fd0U9BuBPxf85xN+8EtDm4qAZay+FBaS6CM1bgskVfnkrA8lu/jvvvNO5m+8URLPPhGGI69ev7+v+fItmAVRvoEobsIocQJoNgAb4BN3S4dWzAGrXn7zP/fCHP0zc/PF4nGr13aWbr27TrYnoFER62+bmJq5fv+6sftMwgHXEXxsdgZJyX5ntl/wAxUUostqmXYHjGXjx2gDAdN22mM0fDoephT50wFeP1/ZDruMy5DDjoE0prmP119bWDkR/vmUIAzJMYEox2OwIRFBXBJdWA1LIQtJb/youd9zVJ27gceHCBbzzzju4dOlSqrlH3A9QdfOLQN/mjES5RFm9fnk6sU7hHXRFsLOzg1//+tcphe6kfgCQAX7MC3ALTUFVL4AUYkAeI2VpsDprA8rW/8KFC/j5z38Oz/MghEhZehlUi1r5Vz5veUJS3I8g/mysrNT1CQ8D17C2tnbg+vMt1PprXH25SBjG9J8xCUjZFmBS2i+lCAo4u6qLggDAcDhMwCSDXV3Ga1EpPNnq93o9HDlyBCsrK+j1eklHonhRk8FgkApvDjoZORgMcOPGDQwGA4dgS3F/hlzPI/6kqkA7IYD8Iun9l9pY7LZUsMqyEtAVFKkLiS7yIY/Pzfd9rK6u4m/+5m/wta99TfuZv/iLv8DVq1dzlyfvgoDravzOnTsHtj/fMsT/rAkFWJv5szodOLXsBzLrA0h1AE1bgqkrAxVZ+UU9/PL5xR5AUd3CysoKfN/XhkUHqajn5s2b2NnZcahtTQnosCT/rZACQNXpwNBNDkp3DMirAaj6QLVt3W2HACr5p0o8o1HuZrQsZcc2jnX//n3cuXPHpfe6JARZdvPnwOfMtsYhAM1r/aWMQGZMAcYiiLmuH37T1KDs3ew3Iq9oWxiGuHnz5qHqz7cUYUCOq99CT0DS0ADKlGCkMwAmD89BqXSLsxNhGBYeQ9dctMtzbWZp9Oe6tbWFmzdvOqvfMSGYnvwjcQAZpWBrcVBKKwR5XFcTAHTTFXiR43HDEpnpLwJC3HAkzmDUmSWptQYVttniPqIowvr6etKfr6xku03ldOisv4b4a3JbjUIAbf2/GgLE+9RcG3A/jsc8RRRFGAwG+Ku/+iusrq5m0oDD4TCZmVikJOqWEdd/kKqP7+7uYm1tDZPJJFPvYGzBOvZgDpg2yAF/2huwxgHouv+QUhpMSh2AujbAfg4BysbjECC26KPRKEUIyiGCPEGpDo+g41V0IC3KwOR5ZmXjURTh3r17ePDggXZ/E3C35cEcJi9AT/xxihiswgZUnA5MJQuDlBNfB0kRxGPyHASZ6Zevv8j1rzN/IrdbrCHgy4Arjw+HQ9y6dQvD4bDU3TdVBHWUQN74YVEM6Xufbf6RpQJbmQ6cLQmelwHkTwlug4BbFCmo7hfHxfLEn7zwp+rDWga4uoDXXYNu/MGDB7h7926lWN9UERTtU0UJHHTFkL6+rKuvXLXlNCA0BKA6CWheGqhdGqytfPciAF/3nPJc7abnUlZwVdeljot64pCm6fmVKYK2lMBBVQpqGpBzswFWFADlgJ8yJKCJFeoSvG0Sam09XHU7KlfdLw80Dx8+xL1795Jy7DrnV0URtaUETJTCvlMIGg6AkUcI2loclJBtDaYhBkFo3A+ga0VgzzVDJeVn8lAW3cu8bVUIQXV7FEVYW1tLuvKaeCtVlEGZN2BDCZTtU/Z+WRWCLhWYtzaQOQVYIQ2YyferNQAVOgItS/xuIxa3AXhTgk+nIKoooKJtOzs7uH37dtKPocl5d0kA1t3P9PPLpBCIaN7sQ2vk5/G/3a7AynqACRugWSPQdHHQ/Qr4ou+Or12ezFQFTOr+TTMAZdtj8vL27dvJBJ664LcV99uI/ata/SpKYxEKIauU0tY+RQ1WPD0DD0BeB1jSCkTK4qBUOjl4vwNeB+iiGLkqmEyOberu6zwFdfve3h5u376NMAwzRJ+Ne24S91clL5sQgHXOe9F1CdlngBTwM7KTAC1yAKmJvxLQM+y/whB2GQKYFrfUsfB1P1M13VaXWCuz/joPTAiBBw8e4NGjR7Vi/Trn2DYB2DT2r6NE1HqPbryA1PrgktXnDDdgpyegUuiT8gekiUCoWAnYdDyv5VheDYIN17bpcYp4BJtpyKJjj0Yj3L17F6PRyNq12CgDbiP2twFyU4+gC+5Angyknw2o8waskoAptyBbHQhzdrqpq19EbtkEfV1PwTT9VOalmPAAZfcs3ndjYyPpymtLIVYh/7qO/ds4lzpicw4HZ1z9OS+Q5gAslQKT5PrLY+m5ANlKYFv9AOoAtCmLXXf/Ku6gabxvIwsQhiFu377d2OrbUgTLRAA29TaqKorGykCy+pn8v2T+TZ2ASh4AMnF+OiTI6whsu0yzakqurodQxuRXdX3VBydv3DSfbgK6ra0tbGxspIp62p6+uwxlwLa9gDq8QzuKoGjyD6sRgR0SMOUPpBwCSo3VuWATV94UxE24AFvHLzv/PMtflvsvu5/qZ6Iowp07dzAcDgGglOWv6n0cJAKwDde/SuVjJUMCXbqPNSGALQ5A5vyzJIAW+EWMcdGsszyLrXuv3ry65J9J5WKdtF7RA1x2H5qEH8A0vVdUymuLE1lUGbBt0Lbt+lv3DJRlwbMdgc3XCQwq4D/t96emAFBjArAKeE2n01Ydrwv4OiFG3bCkyHIJIXDv3r1Kpbxdkn9l578sxT9NXP86yk43Vnyus8k/BbMBYa8hSLbYR18ARLVc4yZknE13vgkobVuBOhZ4OBzi/v37CMOwdeA38QraJACrhgJt/D62jpnHP3EJN2C9KagmEEiWCdKsDl4JNLZcdlPAl4ULdcBuGq/bTinJHYc2NzeTrrxdg99m3N9UCdhMA5pY+K5Cj9S+mjQgy3MDDFRFDQVAacIPaRIw8QwkYMnZAFuVeSbgz8s+NOECbJJzTeNe+XiTyQQPHjzAeDy2dv6149Ka19Ek9m+TALStTOryGWq2KP27IAkFsr6AmT9gXAmoMv+pjIDOBZAuwITUs2X1m/IDTQDfRuZB/h75Ydjc3MTm5mbroUsZ4diWN9BW8c+yu/5F+IlLgTmH+Ev+b3U2ICk1AKmFQtP7mcTUZTPZitJhTWvxbXghbYHM9HvCMMS9e/cwmUxaLXm2FfM3sY6Lnv1nw/VvqsjMfs95KNBCGhCa6cASCVhi2YuUQVFMXgf8trIBTeLeOtOATWV7exubm5va9N6iYv8q1X9F++2H2X+2P1vLwKR6gSq9AaRxttYRKIf5T03/JcosDKqrCiy7QBOLVnVKbhcusYnn00SEELh//z5Go5HRPVt2RdDGhKAuZv+1ERpU4Xxkm5uXBmS1GrBxCAAN2Yd0DYD8Xn04m5bhluXm6yqDNl18m6AcDAaZUt5liO/biPubkGU2QW7i+tsi/ao+R3mNP1im/GyWAmfJPp2CyAe/ziU2AW3VAqGu5gd0ZXmFEHj48CEGg0Fj78IGd1K3nXnZbMaDMPvPVvFPngLKCwO0M/9tcwBEZuArAlQe+NvqmFNUXmyDpa9iOeoAdjQaYWNjI9OfzwaQu/YUlo0AbJNLaIuf0NN+GuKP0xwA21sclJJ+fxl+IDWWXRugDvir5PuLrFWT8MMG4VgVhMyMra2tTH++ZfFK6sT8y0YA1qkDaJvoK7vebAjAuam+1DYbHoAa4ycnleoBmO4IVEaKNbFkTcDQJAXYRoWgLJPJBA8fPsyk99os8LFtodogAOsApysvwLbrb/TbakGvKAarIYABOShPBy7KADSx+m0A31ZNQFMAbm9vY3t7u/I1L0sGoE0C8DAU/5h0ftJOGJLdgNZKgSmf+lP7AOgAXzYBx+Shb2t+gC23v66SCMOwltXvarJVl5ax7djfpuvfheUv9bYKrb354iBmswEzoC5P9+XVAFRx6euA0ibJ1ybjvru7i+3t7dIMSdehSNlnbZUB28gCVA0F2vAC2gwhZBzFK0vLU4FV4g8l/EB9ErAE5KYPURFY25gf0EVlYB2i7+HDhxiPx5Vc/kVmAOrG/E29gSYA78r1b8vyq1kkmlcAaTkAcJulwIbgo4IVgusqgi4sflcs+2g0wubmpnE1Y9fn10bMb+oN1AXOMrn+bSii/N+0yBuAxaagBaSESTxfJRXYBPzLFvOrVn9rawvD4dAoLFrUeXahCA4KAdhWJWDedGAN7Es4ALOWQIHpSVUNAaqAX3Urq5KCTesG2oqXAWA8HmNrawtRFGkbc3aZmlwGRbBsBKCJR2BLqdRdfaiA50uRglOlUO34QdUTKJvgk0cOFoHapFNPkxh/EVOAmRm7u7tJf74q4G8L+F01BKlb+NOULGujcUlbYUBVxTi/n6zp/s2p5YJaCQHywBmX28pdej3Pq1ULUAXEbbL/TfcPwxDb29tJf75FZSaWoSHIopYBL/IC2gwDmtT9F22fe8ak2H0UTAWwsThoCfDreABNYvsuZgM2CRdkq191/sF+IQKXdSmwNmf/LTKsSs1tUV39zOzfltKAJhYgr6tP3X4ATbkAm9aybHts9U0m8LQB/kXwAaYpwUWtAmSzDqDNGX+VflfF1Z//ZVUN2OEA8lx9hW+sDP5FpQJthgnxPoPBAHt7e7UIzINCBHa1CtB+WPWnLSWrc+4Tb6DeymDlCqBobb/5l7Nx6FAF/FXnB3TdMzCKIuzs7CSlvLbDkzbBbzKbsg1wtLEUmA0voO2ef3Wup9h7Zt064XNvgG21BCvQPjCYwFAFFE3mB3TdM3A8HmNnZyex+nXDEdvLmbW1v801AW0TgG16AcvSOizrc2u8cK17YCsEkL0BnUdgoMFsVAPaKBlu4vrH6T25lNdmj0Jb4F+GhiCLXAVo2Vz/JgRl5v6zqgoki1+tJaBBCCDHGboYRFEKVesA6mYAmjYUqaMQJpNJyuo3ISP3cxbANOZvkwC0NeNwmWb8FTUEUUPxFPHHOv/A1nTgHIuPguWuTHsC2JwoZDuvrjLcg8EgWWp7GcG/H9qCd70M+KKtty3vJXd9wEw7cBmzsFcKnIk18tKANUMAm6nAuqDP+0xM9MVdeZvWJdgOSQ5yFmAZ4/c2ZvxVJ+AY2Yl/nOHlrFYC5jH+KaVQMIlhEYqgqdegs/pdWn/bJcx1PtdVGXAXTUCrhgGL4gtMfq9MDUBeYyBrHkAO8KEBvm6B0KqAt2EB64ItiiLs7e1lltpuI0xZ9nZliy4DthlXL2rBzyaf088GlDHJGuB3kQbk8umGNkIAG4CqspLPaDTCYDBI5jTUBfx+7ltgI+ZvUwksYtUfG2GKndmAc1dfigbS2yt8RS0FoMYZebqmahbAZiqw6vJdQojE6pcpr7ZCgabgX0RbcJO4P28fmwRgU4+g61V/GnlwWoxn04DWOACji9Vo7bohQJukoG77ZDIpLeW1af0PGhHYBLDLPvtvUZZfxRFryb1sK6CqswGMSoELH7ACDiAPOLaqAW1Y3b29PUwmEwDpOft1y5W75AKWAfxVQoNlmf233ySlyFQ3gFnjhZtXA9VKA5puK5sK3EZZsCkAwzDE7u5u7nl2af27ygJ00RBkkasALVvxTxsLhJIEfi0emSvRAEEl4JcRfxoXug7BZ4sU1B0nLuop68rbhTJoG/yLbAiyKALQpuu9iM8WhQDTfzkcQO404aYhQKx18tKACgcgT45p2g3H9vyAOL2na7fcRalyV23L2w4L2moC2hUfYeOYbSwCGj+X6t8M6ZrCXJHFt5EGzCn+KZsGXKYEugCdmt4bjUaNXP4urP9+yQJUifvz9ul6BeBlLP4xCTu0nhfnUYGzvsG2OwIxiicGcQ55WNWdt516i6IIw+FQW8rbVXbioBOBXRCAXXkXXaUA69cEcE65b9YbsBYCpCy+pvMoabyBqv3wbIYG8dhkMsFoNMp1pWyRf/uJCDT9bBsVboua/VcXeIs8ZtnvlIr2i7iB1kIAeXuFtQHqWP6qwBJCYDQaIYoiAPr03qKs/34pB25SAly0/yJm/5l85yKWDav1O0Bf/6/FLVqaDVikGIo6AXdRFhy7/Lat/rIUBS2KDLS5JuCyz/6zuUqRjbkMWiTmTvzhZDawdQ5ADQNUpaBfSdg8b99EETBzY6u/LNZ/2YnAtsqAFzH7b9ksfuk911r9+eQf6yFAKfGX42nYygKYKIIoimrH+o4IbP9BX+bZf4vo/FP1euTlwbmA+EufUosdgThHA3AFkNtQBMyMyWSincDTtfu/yJWMDnoWoKvZf7Yq99qw/Nnj5s0GRDsdgVjWBRLwWdUFKO4K3ARc8lhM9OVN4GmiABZh/Ze1HLiLMuC2SbQu2n13EW7pYgBd/b/VtQFVcMvap8jj0IUAeQ992bi6fTKZpHrx23D791NRUJdEYFXyrw4BWAdsTUlG25xAm5WNqXuvrb+bs34tpAFVV5/Vt/PtpCcBbQE/JvrUIiMTYDcF/X6ZHdhmWFBFGXSxDPiirXOX35vXFyCp+tNxA3bSgHmuPmuUAhs9/Cbj6lgYhphMJoV1/Iv2BBbNBXTJB3RVBmxDySy63bet+6yWAuvD/GpFQdU6AmnigfQQGbv/pmNCCEwmEwghSom+LjwBRwS2SwCW7bMsq/50bfnTC4NkXf14pOopBZXArzD+2TQgax/yul18oijKTNs1Abdtq7+sswNtx/hVST9bMfuiQLzMlj/399G9i3sA1DjVCh6AJgzQcQMG4DcBw2g0Sibw1LXyVT2BRYYCbRKBTUOINsuAFzH7r+uYX53ia0dmFX/a40m9A2woAC7xBuR91Bi9aggQu/w23f2DVhTUNRnYdhlw17P/Fj3jr25b8GQ2YBHbz5a7AicNQRSrr0sCgMv7ARQ96GEYJqW8psBvGvfXzQQs4+zALviAtpqBtDX7z5ZFb3PGX6XfMicNyLHVtx4CZNYdLkgDglPti8q12dyqVGX4l9UTaKoM9gsR2IT8qwvORfT8azM8MPV88veVmn8UA7dJCKA5EGtOQgKz53lGLcHi5pxRFOVmDbryBBYRCtgKB7oGf9W4X7e97TRgl5Z/EWQh5y7+M/cErHIArHc6MtuKCoFUbTYej0uLehapCKoqhbas/yLKgbtYE7DN2X9dKb8uZhWmv4cLGIDqHUEqNAXV2XsUFh3p1gkEprP35Fh/WRXAYSYCu1oTsK3Zf/u5+KeMA9ChlFtLAyrEH+W4BbJeylsclJkRhmHqh9EpimX2BGwog6ZcwCLIQFtlwHVifZtewDLX/Vf7DWNXvzrxV5kDSH1JZjag/hRUQAkhChn+/aIAlnl2YFd8QNvVf126110v9NE8BJhzAPkeQRshgBIPsJ4L1D74sdUvAmnbCuCgFwUtggjschWgZWn9vWi+wZTcs+gBQFP1RwXb9A9IGci7UgBdZwKWlQjsigxrqxNwWwtzLIvlz1eyds/DjAMgDeOvaQxiSgLuVwWwbLMD64C/rYYgbS0D3gYQ95M3UFwH0IECmAKfNMQfZ0KB+G9cB3DixAk89dRTrTPzy7DYx35sAJrbc77hg2by+bx9dOMmY1Xem26r8rrOdpNt8WS4tjy9irMB0y91HYHibrwnTpzAX//1X+Po0aNw4sRJPRmNRviP//gPnD9/vpXjV0wDcm4NQDweBAHOnDmDr3zlK+7Xc+KkoayuruL111/HV77yFfzjP/5jmn/rxgPQxPg8pwJlpfD444/jxRdfwuc+9wT29vZAnofAD1LhRJFnoV/moNgjyc2Ccs7c6dwDcynFwlx8dmxwPWrtRKnTxfkXX7Y9/7K5xncq51z+wxj9omz0E5l/Z9EquYanbLIhfTfUephZVQ4zQ7D8HtIy32LG6PN87oyyD+I8/2zsj//Py9ja2uyaA8gSf6wLAhjo9/rwPA+TMITnefCY4ZGXC3wuAQqXbtM8UGUgLdjOZUqBCx5PrgJSzjlm/oNlso0LgF8G3vLP6hFWBFIu1sjpz3KJiigCqcFnucBKcIkFyduuozEScIs5+JkZLKaAn/b3FxBiPpEn7vkP1n0mvU+/vwJhkQyslAbUFv1w2hpz5ifgFoDP1a2zA357wOcSG78I4JeAtx7wy9pu5c3OU0m/5QkxDNOAeiDPi4K4fH7AUgDfTCl0C/xyd94BvwJAGwK/MIQoCgU4/5liRsOC3UUqgJzpwHF6MG9+QKIUioDPJRGaA36nwOca4C0DfqVt+xj4+vvMWPZyg2ppwAwHoCflpqqBSom/pQJ+UYhQF/g1CbxWgV/IS3J9pVAh/j/IwF9WV7+5AlBjfM4qBRn4OU0EHPAd8A22NQF+Q+KvNvCLmnTucwVQ3IZQTwwyZR++/Qv8cqVwEIBfKYY3BH418s7ss0XgrQv8YtxybW9g3ysAbYyfygikJwbFhAfN2cN9Afy68X8psC0Dv5lScMB3wK8TAiig11r8FPBzHtiGwK+b6tt3wLfuDVR317sBvln874C/SAUwmw2InPz/3AfQKwUH/H0OfEPGv1PgNyD+uKQc8LAAv0IIIM0GTN1jzq0IZAaYJG+gE+BXIO86A35x/O+A74DftpTNIKy8OCgXpAF5Rv6l/AJ2wHfAd8Df9xyAsiRoehtlVg7MRdVCgF8j1VeHtV848C1V5hXF/w74hy0ESKy6Zjwh/kjPD1A5eB3wDyjwDRj/urX4DvidegCsjfFzVwxKFQXxPgB+/Tz9fgJ+Xca/boFOXeDXZfzrA/twAr86B1DC+OfOFqwIfLZcmVcW/9cFPtcGb5McvwO+A75d8fKYw6RRZ14PAE6TgpxL9HEmbNB5F4XboFsHTepJWLQt46wUfS6GIRdvy3WA5hOgSrex9qgFjhVnln5W7lBqe2bx9qLPMqfSulmlwaXbtN8JqcmFFvgF22LFkLOdOX9RzPxtJtsPmQeQkyZIBo8eOwqPCJ7vT5t8EE2bfnre9P3sHxHB930QETzPh0c07QgU+MWufpnFL4roLFt8mFj8Iv/GchhgbLVhdDsL4382+N5KxF+1S6pE/FW36OXdnmzJfD4Ag4Xc0UfMFJrUJWh2PYLFzOBIzUCkz1fZJ/6OeBuyPcRYFwJQngL4+7//+4sEkB8E8MjD1Ckg+N5UKcyATzRTEgSC7/kgj+iJJx7/0mBv8MnsBlDaG2CSzmT+mpkiZmB6LTT1SAARhSQBmCTPgWZafV6xLJjml8AUt1+Kv1darYgAQMSdi6YnSkQEIQRi3SgAYsGAZqHG6Q7TG52aCELJ9yVeVar7q/RC2kaFrr60uEoKLLPxUsVAlGV2ad6Canrs9HHlc483J9uScWl74rFxdmEOMQei53k8/w5OtpN0THk7kG2L7fs+M4vUFavrChARs0gvV+/5PmvWJGAg6WjN098/+b3Ziz1iotmlEzyPOP6O2UHgzb5v2huXOFFMBCbyQACi6cMEIoBAzDNwewSOOwVNH/oYyslzMt135plP79e0cZiqAIiASAgdtjNAJwA4e/YsAcD29jaGwyFGoxGFYYiTJ0/S7u4uoiiiY8eO0Wg0wmQyodXVVRqNRhRFEfV6PZpMJhQEgReGIfm+T1EUeZ7nERF5URSR53leFEUeTcUTQngAPCGER0QeEVE8Fm+X/+aNMbMHwGNmb/o7Ecl/pdc0249mGiAeS17THF0kKRRSbiLJYNUpzZz3mQe0bF/LUuc7OjGauhDUcN/M+9lnWRdLzoAaKx6W3ievpXExfWyYiUgQkYhfy2Oz/QQzC2YWnuel/urGAMSvOR6XxgQzs+/7QgghpkqOhRCCfd8XURRxEAQchqHo9Xo8mUzY931eWVnh4XDIvV6PV1ZWsLOzw77v89GjR7G+vs5BEGBlZYVXV1fx+OOPAwDOnTvH9L3vfY/u3btH29vb+MIXvoCdnR06ceIEdnd3aXV1FcPhkPr9Pu3u7qLX6xEACoKAdnd3KQYuABJCeCsrKySEIGb2hBCeEMLzfZ+EEDEQc//GoJbe++p+6mvP82IFQLEiUF/P/slKIAV4ZibJK6CZ9aHYWygBEJW7hLzYZXsOgCQWtrqyYvUYM/DGL0FELAE9pRBmboKQlEgM+tTrqe0SQlIUmdczoEfK+9R23V/P80QURex5nvA8Lx7j0WjEM8XBsSI5evQoh2HIAHgymfDRo0cxHo95dXWVh8Mhjh49ynfu3MGxY8f46tWrePzxxxE888wzBAAnT57E+vo6jh8/js8++4x+93d/V7V+CXgki4/hcEhBEJAMthh8URRREAS5oI8t9+y1LwE3Zd2l1750/MTKy2PSOZCiBPL+6a6zEPBpV7zc0i966a79LLK3VeIZkPK7sOq5QW5mPf8rb9P9i7cJ6Tlh6bWYhQmZ5ypnbUKavqXMs5QOp+Z/wzAUvu+TRNqL+LzDMMTq6iqHYUi9Xg+TySRzX+LXm5ub9Nxzz/HGxgZeeeUVrK+vIzh16hR//vOfpytXruDUqVM4duwYHn/8cT569CgNh0OeTCY4efIkjUYjZmaaaRhaWVnhmfXk2WIgPDvZ2D3yZrEUz7RW7gXObojQrQ0n3xhJc8ca2ouPq4JUduclL4BnN1H+S5KFIMVikPIAsnTuqbEcsFNelsUgLDgs1t30XnCecpVAxir3IIcF8pj0Xk5exMASs20p6694BIn7H1v/2GrP9s28lz8Tu/rxNp31F0KI2UOeWHlm5iAIYu8kxheIiEejEQBwEAQgIl5ZWcH6+jr3ej1eXV3F7u4unzhxAjs7O3j48CFeeumlKQl49uxZBkBnz57FxYsX+Xd+53fQ7/dx79496vf7cVxBOzs7ot/vU6/XE0EQYDwew/d9TCYTbxaXUBAEYub+C8/zvCAIkhDA8zyS3ffYA5i5Rt6Ug/EyLr7k6ieeAwCKxyWvgmTPYfZ9CScw0wsZryDeJpGEufF/rLDU51hWDIoV0j7syn5aEJh4DlVDDMNjWnfRy64pdsfLziHeTzIenN2Fc3kAydVPjIlq9WdgleN/FlN2LgVeFaySosgoBzlEmO2bGp9y0ql9YsMpwjDkGZ44fj/DG/d6PRFFEfr9vgjDEJPJhMfjMR87doxHoxH/1m/9FsbjMT7/+c/zeDzmwWCAb3/72zh37hzOnj3LKQv3/e9/H9/73vcAgC5evIgjR46g3+9TEAQIgoD8WSrQ933a2tqi48ePY0b00WAwoPi153nkeR6Nx+PZW49WVlZoMpnEIKUZIZiAVhlLXPwZj+CpSkSjFEgBvrydZHJQ2pekbYmLJfMFsnIoCRV0fAFpwGJEFtYk77qMNdjivqxDcM4+XDDGyJYkJCCX4nrIJJ+0PQV8aVsKmHL8nwN2luL3hPCTPQPf94Vs1ZUx7vV6YjQa8cwJEP1+n4UQ8XsWQvCRI0eS1xsbG3jiiSc4iiIWQiCKIoRhyGEYIgb+888/DwAs4VxJXWkeonPnztHZs2cBAB9++CFOnTqVesDv3LmDEydO0MbGBh0/fhybm5vkeR7NmEba29sjyfqmXksWOLHKYRh6vV6PZt6EF0URAfBmPEPMLcRATsX9ujHP82iWbUgUjZoZmHkTyfnMshG5nEG87+yYecpBDicoh1AkxV0lNSWYTsOR1uKr401X4zX9vBr+qOOa47A0xsoxWUfcKV/AOpDHbnLsEivbU/9i4kzaN8P4S+z8bC0PkXH9deFAzN7HY7NwWfi+z2EYiiAIeDKZcBAEQvU2ZEUlKyVm5scee4wB8Pb2NoQQ/LnPfY43NjZw/PhxvnPnDp84cSJ1/yScJpY+lxw1dPdMGPDkoV5fX8fJkyfzrGTR66r/vJnSoCAIvLzt8WshRAx0L2cf7eelz2X+SdtS1yFxBCRnF2TXXwk3Sr0JheTSjVGOy2wUOuhc+bzPS+DLuOKasSKrnXLLJRdfjt3VNF4CfiFEAn71n7JNFBB9qVhf+pzI2YcBJKA2OH7ZP5S8BgCWcMWGadHSNCs1JKCopsIoeujrKg0TRQKJSfUaKh9UzCyUego5743DC9NaBEsuf103XX3AUQEIhda9ZJsJCIXytwpwK4HZ4H4ZA7povIzzoZYZaGqoPHK9DM14mVKpq2CKPl/lWFX+lo2ZgL0NPoArvOeKisHkbxmoqnzGFKBcQZGZWudKIC7b1iTNTEuSgiIL+5gAoK5yMR0ny8duw9JTDaDb8gxQAzAm42z52KbWly3cx2YueMMakwDLIU1uFFU4BjUESR3Gnlr4ni6zA9zR71jV+nEL39PmdS+lBNj/0sYP1dR9bjMdRwfsN+n62G4i8AFTAIf5IaNDAnonbT1A7DojOHFyaMVzt8CJE6cAnDhx4hSAEydOnAJw4sSJUwBOnDhxCsCJEydOAThx4sQpACdOnDgF4MSJE6cAnDhx4hSAEydOnAJw4sSJUwBOnDhxCsCJEydOAThx4sQpACdOnDgF4MSJE6cAnDhx4hSAEydOnAJw4sSJUwBOnDhxCsCJEydOAThx4sQpACdOnDgF4MSJE6cAnDhxYlH+P+B5MeB+eNGIAAAAAElFTkSuQmCC);background-position:right top;background-repeat:no-repeat;}#Logging_Task_Status{width:520px;margin:40px auto 60px auto;}#Logging_Task_Status th.process{text-align:left;font-weight:600;background-color:#f4f4f4;min-height:30px;vertical-align:middle;}#Logging_Task_Status td.description{font-size:.9em;min-height:60px;}#Logging_Task_Status td.progress{padding:8px 10px;}#Logging_Task_Status td.finishedMessage i{display:none;}#Logging_Task_Status td.finishedRedirect{position:relative;}#Logging_Task_Status td.finishedRedirect i{color:#1e6dab;position:absolute;right:10px;top:calc(57% - .5em);display:inline-block;}#Logging_Task_Status td.exception{background-color:#ffd8d8;}div.logEventsViewport{border:1px solid #bbb;-moz-border-radius:4px 4px 0 0;-webkit-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0;}div.logEventsViewport div.logEventsViewportContainer{overflow-y:auto;overflow-x:hidden;}div.logEventsViewport div.logEventsViewportContainer .logEventsViewportNoLogs{padding-top:20px;text-align:center;font-style:italic;}div.logEventsViewport table.logEventsViewport{padding:0;margin:0;background-color:#bbb;table-layout:fixed;}div.logEventsViewport table.logEventsViewport>thead>tr{background-color:#eee;}div.logEventsViewport table.logEventsViewport>thead>tr>th{padding:4px 2px;font-weight:600;border-bottom:1px solid #bbb;}div.logEventsViewport table.logEventsViewport>thead>tr>th.icon{width:20px;}div.logEventsViewport table.logEventsViewport>thead>tr>th.timestamp{width:155px;}div.logEventsViewport table.logEventsViewport>thead>tr>th.eventType{width:180px;}div.logEventsViewport table.logEventsViewport>tbody>tr{background-color:#fff;}div.logEventsViewport table.logEventsViewport>tbody>tr:nth-child(even){background-color:#eee;}div.logEventsViewport table.logEventsViewport>tbody>tr>td{padding:2px;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.icon{width:20px;vertical-align:middle;text-align:center;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.icon>i{display:block;font-size:1.2em;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.icon>i.fa-info-circle{color:#1e6dab;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-triangle{color:#f0a30a;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-circle{color:#e51400;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.timestamp{width:155px;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.eventType{width:180px;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.message{white-space:pre-wrap;}#enrolStatus #sessions .session{width:280px;padding:4px 4px 4px 72px;margin:8px;border:5px solid #efefef;-moz-border-radius:0 20px 0 0;-webkit-border-radius:0 20px 0 0;border-radius:0 20px 0 0;background-color:#f5f5f5;background-repeat:no-repeat,no-repeat;background-position:36px 36px,4px 4px;-moz-background-size:32px,64px;-o-background-size:32px,64px;-webkit-background-size:32px,64px;background-size:32px,64px;min-height:72px;cursor:pointer;}#enrolStatus #sessions .session>h3{padding-bottom:3px;border-bottom:1px dashed #ccc;}#enrolStatus #sessions .session>h3 span.details{font-size:.8em;}#enrolStatus #sessions .session>h3 span.pending{float:right;color:#f0a30a;}#enrolStatus #sessions .session>p.sessionStart{color:#888;font-size:.8em;margin-bottom:2px;}#enrolStatus #sessions .session>p.sessionStatus{font-size:.9em;height:1.6em;overflow:hidden;margin-bottom:3px;}#enrolStatus #sessions .session:hover{border:5px solid #6c7a87;background-color:#dfe1f8;}#dialogSession .sessionHeader{float:left;padding:0 0 0 134px;background-repeat:no-repeat,no-repeat;background-position:96px 96px,0 0;-moz-background-size:32px,128px;-o-background-size:32px,128px;-webkit-background-size:32px,128px;background-size:32px,128px;min-height:134px;}#dialogSession .sessionHeader>h2{padding-bottom:0;}#dialogSession .sessionHeader>table{margin-top:4px;}#dialogSession .sessionHeader>table th{width:128px;text-align:right;}#dialogSession .sessionHeader>table td,#dialogSession .sessionHeader>table th{padding:1px 2px;}#dialogSession .sessionProgress{width:320px;position:absolute;right:1em;text-align:right;}#dialogSession .sessionProgress>p.sessionStart{color:#888;margin-bottom:0;}#dialogSession .sessionProgress>p.sessionStatus{height:1.6em;overflow:hidden;margin-bottom:0;}#dialogSession .sessionProgress code{font-size:2em;color:#e51400;}#dialogSession .sessionProgress .reason{width:160px;}#dialogSession .sessionInfoContainer>div{float:left;width:428px;overflow:auto;}#dialogSession .sessionInfoContainer .sessionInfoMessages{height:374px;border:1px solid #bbb;-moz-border-radius:4px;-webkit-border-radius:4px;border-radius:4px;background-color:#fff;}#dialogSession .sessionInfoContainer .sessionInfoMessages div.logEventsViewportContainer{overflow:auto;}#dialogSession .sessionInfoContainer .sessionInfoMessages div.logEventsViewportContainer .logEventsViewportNoLogs{padding-top:20px;text-align:center;font-style:italic;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport{padding:0;margin:0;background-color:#fff;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>thead>tr{background-color:#eee;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>thead>tr>th{padding:4px 2px;font-weight:600;border-bottom:1px solid #bbb;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>thead>tr>th.icon{width:20px;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>thead>tr>th.timestamp{width:155px;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>thead>tr>th.eventType{width:180px;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr{background-color:#fff;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr:nth-child(even){background-color:#eee;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td{padding:2px;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon{width:20px;vertical-align:middle;text-align:center;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i{display:block;font-size:1.2em;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-info-circle{color:#1e6dab;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-triangle{color:#f0a30a;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-circle{color:#e51400;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.timestamp{width:155px;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.eventType{width:180px;}#dialogSession .sessionInfoContainer .sessionInfoConsole{margin-left:6px;background-color:#222;color:#0f0;font-family:Consolas,"Courier New",monospace;border:4px solid #ccc;-moz-border-radius:4px;-webkit-border-radius:4px;border-radius:4px;padding:2px;height:364px;}#Config_DocumentTemplates_Show>div.form>table>tbody>tr>th{width:140px;}#Config_DocumentTemplates_Show #DocumentTemplate_FilterExpression,#Config_DocumentTemplates_Show #DocumentTemplate_OnGenerateExpression,#Config_DocumentTemplates_Show #DocumentTemplate_OnImportAttachmentExpression{height:16px;min-height:16px;overflow:hidden;font-family:Consolas,"Courier New",monospace;}#Config_DocumentTemplates_Show #Config_DocumentTemplates_Scope_Button{margin-top:4px;}#Config_DocumentTemplates_Scope_Dialog div.input{margin:14px 10px 20px;}#Config_DocumentTemplates_TemplatePdf_Dialog div{text-align:center;}#Config_DocumentTemplates_TemplatePdf_Dialog div input{margin:16px 0;}#Config_DocumentTemplates_JobSubTypes{border:1px dashed #d8d8d8;background-color:#fff;padding:4px;margin-top:6px;}#Config_DocumentTemplates_JobSubTypes>h4{margin-bottom:4px;}#Config_DocumentTemplates_JobSubTypes #Config_DocumentTemplates_JobSubTypes_Update{margin-top:4px;}#Config_DocumentTemplates_JobSubTypes_Update_Dialog #Config_DocumentTemplates_JobSubTypes_Update_Dialog_Types{margin:0 0 8px 0;}#Config_DocumentTemplates_JobSubTypes_Update_Dialog .jobTypes{padding:6px 0;}#Config_DocumentTemplates_JobSubTypes_Update_Dialog .jobTypes .jobSubTypes{background-color:#f2f2f2;border-left:4px solid #d8d8d8;padding:4px 0 4px 8px;margin:4px 0 0 6px;}#Config_DocumentTemplates_JobSubTypes_Update_Dialog .checkboxBulkSelectContainer{font-size:.8em;}#DocumentTemplate_OnImportUserFlagRules_AddDialog .distribute-evenly{display:flex;justify-content:space-around;margin:1em 0;}#DocumentTemplate_OnImportUserFlagRules_AddDialog textarea{width:99%;}#DocumentTemplate_OnImportUserFlagRules_AddDialog .mt-1{margin-top:1em;}.dialog-bulk-generate .brief{margin:0 0 8px 0;}.dialog-bulk-generate .brief .scopeDescBulkGenerate{font-weight:600;}.dialog-bulk-generate .brief div.examples{margin:8px auto;width:360px;}.dialog-bulk-generate .brief div.examples div{margin:2px 4px 2px 0;width:230px;float:left;}.dialog-bulk-generate .brief div.examples div.example1{width:100px;}.dialog-bulk-generate textarea{box-sizing:border-box;width:100%;height:200px;margin:0 auto;}.dialog-bulk-generate .sub{margin-top:.75em;}#Config_DocumentTemplates_Show_DownloadBulk_Dialog{padding-top:20px;text-align:center;}h1.Config_DocumentTemplates{margin:10px 0 6px;}#Config_DocumentTemplatePackages_Show>div.form>table>tbody>tr>th{width:140px;}#Config_DocumentTemplatePackages_Show #Package_FilterExpression,#Config_DocumentTemplatePackages_Show #Package_OnGenerateExpression{height:16px;min-height:16px;overflow:hidden;font-family:Consolas,"Courier New",monospace;}#Config_DocumentTemplatePackages_Show #Config_DocumentTemplatePackages_Scope_Button{margin-top:4px;}#Config_DocumentTemplatePackages_Show #Config_DocumentTemplatePackage_List{list-style-type:decimal;list-style-position:inside;background-color:#f2f2f2;border:1px solid #d8d8d8;}#Config_DocumentTemplatePackages_Show #Config_DocumentTemplatePackage_List li{padding:6px 8px;}#Config_DocumentTemplatePackages_Show #Config_DocumentTemplatePackage_List li:not(:first-child){border-top:1px dashed #d8d8d8;}#Config_DocumentTemplatePackages_Show #Config_DocumentTemplatePackage_List li .id{font-family:Consolas,"Courier New",monospace;float:right;}#Config_DocumentTemplatePackages_Scope_Dialog div.input{margin:14px 10px 20px;}#Config_DocumentTemplatePackages_JobSubTypes{border:1px dashed #d8d8d8;background-color:#fff;padding:4px;margin-top:6px;}#Config_DocumentTemplatePackages_JobSubTypes>h4{margin-bottom:4px;}#Config_DocumentTemplatePackages_JobSubTypes #Config_DocumentTemplatePackages_JobSubTypes_Update{margin-top:4px;}#Config_DocumentTemplatePackages_JobSubTypes_Update_Dialog #Config_DocumentTemplatePackages_JobSubTypes_Update_Dialog_Types{margin:0 0 8px 0;}#Config_DocumentTemplatePackages_JobSubTypes_Update_Dialog .jobTypes{padding:6px 0;}#Config_DocumentTemplatePackages_JobSubTypes_Update_Dialog .jobTypes .jobSubTypes{background-color:#f2f2f2;border-left:4px solid #d8d8d8;padding:4px 0 4px 8px;margin:4px 0 0 6px;}#Config_DocumentTemplatePackages_JobSubTypes_Update_Dialog .checkboxBulkSelectContainer{font-size:.8em;}#Config_DocumentTemplatePackages_Templates_Dialog h3{margin-bottom:4px;}#Config_DocumentTemplatePackages_Templates_Dialog>div{width:374px;float:left;}#Config_DocumentTemplatePackages_Templates_Dialog>div:first-child{margin-right:20px;}#Config_DocumentTemplatePackages_Templates_Dialog .templates_connected{min-height:200px;}#Config_DocumentTemplatePackages_Templates_Dialog ol{list-style-type:decimal;padding-left:24px;border:1px solid #d8d8d8;background-color:#f2f2f2;}#Config_DocumentTemplatePackages_Templates_Dialog li{background-color:#fff;border:1px solid #d8d8d8;margin:4px;padding:2px 4px;-moz-box-shadow:0 0 5px rgba(209,209,209,.5);-webkit-box-shadow:0 0 5px rgba(209,209,209,.5);box-shadow:0 0 5px rgba(209,209,209,.5);cursor:default;}#Config_DocumentTemplatePackages_Templates_Dialog li:hover{background-color:#cddbec;border-color:#1e6dab;}#Config_DocumentTemplatePackages_Templates_Dialog li .id{font-family:Consolas,"Courier New",monospace;color:#888;float:right;font-size:.9em;}#importStatus #sessions .session{padding:4px;margin-bottom:10px;border:1px solid #efefef;-moz-border-radius:4px;-webkit-border-radius:4px;border-radius:4px;background-color:#f5f5f5;min-height:72px;}#importStatus #sessions .session .sessionLeftPane{width:48%;float:left;}#importStatus #sessions .session .sessionLeftPane>h3{padding-bottom:3px;border-bottom:1px dashed #ccc;}#importStatus #sessions .session .sessionLeftPane>h3 span.details{font-size:.8em;}#importStatus #sessions .session .sessionRightPane{width:48%;float:right;text-align:right;}#importStatus #sessions .session .sessionRightPane>p.sessionStart{color:#888;font-size:.8em;margin-bottom:2px;}#importStatus #sessions .session .sessionRightPane>p.sessionStatus{font-size:.9em;height:1.6em;overflow:hidden;margin-bottom:3px;}#importStatus #sessions .session .sessionPages>.sessionPage{min-height:56px;min-width:256px;float:left;margin:3px 0 3px 0;padding:170px 0 0 0;background-color:#fff;-moz-border-radius:2px;-webkit-border-radius:2px;border-radius:2px;border:1px solid #eee;background-repeat:no-repeat;background-position:center top;}#importStatus #sessions .session .sessionPages>.sessionPage>.sessionPageDetails{height:84px;padding:2px 4px 0 4px;background-color:rgba(255,255,255,.8);}#importStatus #sessions .session .sessionPages>.sessionPage>.sessionPageDetails p.sessionStatus{font-size:.9em;height:1.6em;margin-bottom:3px;}#importStatus #sessions .session .sessionInfoMessages{margin-top:6px;border:1px solid #bbb;-moz-border-radius:4px;-webkit-border-radius:4px;border-radius:4px;background-color:#fff;}#importStatus #sessions .session .sessionInfoMessages div.logEventsViewportContainer{max-height:220px;overflow:auto;}#importStatus #sessions .session .sessionInfoMessages div.logEventsViewportContainer .logEventsViewportNoLogs{padding-top:20px;text-align:center;font-style:italic;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport{padding:0;margin:0;background-color:#fff;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>thead>tr{background-color:#eee;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>thead>tr>th{padding:4px 2px;font-weight:600;border-bottom:1px solid #bbb;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>thead>tr>th.icon{width:20px;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>thead>tr>th.timestamp{width:155px;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>thead>tr>th.eventType{width:180px;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr{background-color:#fff;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr:nth-child(even){background-color:#eee;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td{padding:2px;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon{width:20px;vertical-align:middle;text-align:center;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i{display:block;font-size:1.2em;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-info-circle{color:#1e6dab;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-triangle{color:#f0a30a;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-circle{color:#e51400;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.timestamp{width:155px;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.eventType{width:180px;}#undetectedPagesContainer #undetectedPages{list-style:none;margin:0;padding:0;}#undetectedPagesContainer #undetectedPages>.undetectedPage{float:left;margin:4px;border:1px solid #f4f4f4;background-color:hsl(0,0%,98.5%);height:256px;width:256px;background-position:top center;background-repeat:no-repeat;cursor:pointer;}#undetectedPagesContainer #undetectedPages>.undetectedPage>.pageDetails{margin-top:232px;height:24px;text-align:center;}#undetectedPagesContainer #undetectedPages>.undetectedPage:hover{border:1px solid #d8d8d8;background-color:#f4f4f4;}#undetectedPageDialog>.pagePreview{height:700px;max-height:700px;background-position:top center;background-repeat:no-repeat;background-size:contain;}#undetectedPageDialog .actions{border-top:1px solid #d1d1d1;padding-top:8px;margin-top:8px;text-align:right;}.deviceBatches #DeviceBatch_PurchaseDetails_Container{padding:5px 0 5px 5px;}.deviceBatches #DeviceBatch_PurchaseDetails{width:570px;height:200px;}.deviceBatches #DeviceBatch_WarrantyDetails_Container{padding:5px 0 5px 5px;}.deviceBatches #DeviceBatch_WarrantyDetails{width:570px;height:200px;}.deviceBatches #DeviceBatch_InsuranceDetails_Container{padding:5px 0 5px 5px;}.deviceBatches #DeviceBatch_InsuranceDetails{width:570px;height:200px;}.deviceBatches #DeviceBatch_Comments{width:570px;height:200px;}.deviceBatches #DeviceBatch_Attachments{border:1px solid #ccc;background-color:#fff;position:relative;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput{position:relative;height:200px;overflow:auto;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a{display:block;float:left;height:48px;width:221px;padding:2px;margin:2px;font-size:.95em;border:1px solid #fff;color:#000;text-decoration:none;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.comments,.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.author,.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.timestamp{display:block;float:left;width:168px;overflow:hidden;white-space:nowrap;text-overflow:ellipsis;height:16px;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.author{color:#888;width:150px;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.timestamp{color:#888;font-style:italic;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.icon{display:block;float:left;height:48px;width:48px;margin-right:2px;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.icon img{height:48px;width:48px;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.icon img.loading{display:none;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a:hover{background-color:#ededed;border:1px solid #ccc;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a:hover span.remove{opacity:.5;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.remove{font-size:1.2em;color:#e51400;margin-left:2px;cursor:pointer;opacity:0;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.remove:hover{opacity:1;}.deviceBatches #DeviceBatch_Attachments.cannotAddAttachments div.attachmentOutput{height:250px;}.deviceBatches #DeviceBatch_Attachments div.attachmentInput{border-top:1px solid #ccc;height:40px;background-color:#fff;padding:5px;}.deviceBatches #DeviceBatch_Attachments div.attachmentInput span.action{color:#333;display:block;margin:0 4px 0 0;font-size:1.5em;cursor:pointer;float:right;border:1px solid #fff;padding:.5em;}.deviceBatches #DeviceBatch_Attachments div.attachmentInput span.action:hover{color:#335a87;background-color:#ededed;border:1px solid #ccc;}.deviceBatches #DeviceBatch_Attachments div.attachmentInput span.action.disabled{color:rgba(51,51,51,.2);cursor:default;}.deviceBatches #DeviceBatch_Attachments div.attachmentInput span.action.disabled:hover{color:rgba(51,51,51,.2);background-color:inherit;border:1px solid #fff;}#plugins .pageMenuArea a>h3{display:inline;color:#335a87;}#plugins .pageMenuArea a>h3:hover{color:#5e8cc2;}#plugins .pageMenuArea .pageMenuBlurb{padding-left:18px;}#plugins .pageMenuArea .pageMenuBlurb i{font-size:.9em;}#plugins #pageMenu td .pageMenuArea:not(:last-child){padding-bottom:5px;margin-bottom:10px;}#plugins #pageMenu td .pageMenuArea>a,#plugins #pageMenu td .pageMenuArea>h3{color:#333;}#plugins #pageMenu td .pageMenuArea>a:hover,#plugins #pageMenu td .pageMenuArea>h3:hover{color:#335a87;}#dialogUninstallPlugins #uninstallPlugin{margin:.5em 0;}#dialogUninstallPlugins #uninstallPluginData{margin:.5em 0;}#dialogUninstallPluginConfirm #uninstallPluginConfirm{text-align:center;margin:1em 0 .5em 0;}#dialogUninstallPluginConfirm #uninstallPluginDataConfirm{margin-top:1em;}#pluginLibraryHeading{float:right;}#pluginLibrary #pluginLibraryGroups{width:900px;margin:0 auto;column-count:2;}#pluginLibrary #pluginLibraryGroups>div{display:inline-block;}#pluginLibrary #pluginLibraryGroups div.form>table{margin:0 10px 10px 4px;width:calc(100% - 14px);}#pluginLibrary .pluginItem .pluginItemBlurb{margin:8px 0 8px 2px;padding:0 4px;border-left:4px solid #d1d1d1;}#pluginLibrary .pluginItem .pluginItemBlurb *{padding:0;margin:0;}#pluginLibrary .pluginItem .pageMenuBlurb i{font-size:.9em;}#pluginLibrary .pluginItem>h2:first-child{min-height:22px;}#pluginLibrary .pluginItem>h2:first-child i{font-size:.9em;padding-right:4px;color:#333;}#pluginLibrary .pluginItem>h2:first-child a{float:right;font-size:12px;}#dialogInstallPlugin div.info-box{margin-top:1em;}#dialogUploadPlugin #pluginFile{margin:1em 0 1em 6px;}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-node{padding:1px;border:0;}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-node>span.fancytree-icon{background:none;display:inline-block;font-family:FontAwesome;font-size:1.2em;width:14px;}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-ico-ef>span.fancytree-icon:before{color:#9e9e9e;font-size:1em;content:"";}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-ico-cf>span.fancytree-icon:before{color:#9e9e9e;font-size:1em;content:"";}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-ico-c>span.fancytree-icon:before{color:#e51400;content:"";}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-ico-c.fancytree-selected>span.fancytree-icon:before{color:#60a917;content:"";}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-node.fancytree-selected{font-style:normal;background:none;}#Config_AuthRoles_Subjects li,#Config_AuthRoles_Subjects_Update_Dialog_List li{padding:4px 0 4px 4px;}#Config_AuthRoles_Subjects li i.fa-user,#Config_AuthRoles_Subjects_Update_Dialog_List li i.fa-user,#Config_AuthRoles_Subjects li i.fa-users,#Config_AuthRoles_Subjects_Update_Dialog_List li i.fa-users{min-width:22px;}#Config_AuthRoles_Subjects_Update_Dialog{display:none;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_ListContainer{height:280px;overflow-y:auto;background-color:#fff;border:1px solid #d8d8d8;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_None{padding-top:15px;display:block;text-align:center;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_AddContainer{padding-top:10px;padding-left:10px;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_List li{cursor:pointer;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_List li:hover{background-color:#f4f4f4;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_List li:hover .remove{opacity:.8;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_List li .remove{margin-top:2px;padding-right:6px;float:right;cursor:pointer;opacity:0;color:#e51400;font-size:1.3em;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_List li .remove:hover{opacity:1;}#Config_Lodgment{margin-top:10px;}#Config_ReportPrefs{margin-top:10px;}#Config_ReportPrefs #Config_ReportPrefs_Preview{float:right;width:150px;height:80px;border:1px solid #444;font-size:4px;color:#fff;overflow:hidden;text-transform:uppercase;}#Config_ReportPrefs #Config_ReportPrefs_Preview .heading{height:6px;padding-left:3px;overflow:hidden;background-color:#333;}#Config_ReportPrefs #Config_ReportPrefs_Preview .column-heading{float:left;width:calc(33% - 4px);padding-left:2px;margin:1px 0 0 2px;}#Config_ReportPrefs #Config_ReportPrefs_Preview .column{height:100%;float:left;width:calc(33% - 2px);margin-left:2px;overflow:hidden;background:rgba(255,255,255,.2);}#Config_ReportPrefs #Config_ReportPrefs_Preview .column span{display:block;height:4px;margin:1px;background-color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-default{background:linear-gradient(to bottom,#165180,#1e6dab) left top repeat-x #1e6dab;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-default .column span.alert{background-color:#e51400;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-default-soft{background:linear-gradient(to bottom,#165180,#1e6dab) left top repeat-x #1e6dab;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-default-soft .column span.alert{background-color:#f0e277;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-green{background:linear-gradient(to bottom,#477c11,#60a917) left top repeat-x #60a917;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-green .column span.alert{background-color:#e51400;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-green-soft{background:linear-gradient(to bottom,#477c11,#60a917) left top repeat-x #60a917;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-green-soft .column span.alert{background-color:#e5cc11;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-violet{background:linear-gradient(to bottom,#80c,#a0f) left top repeat-x #a0f;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-violet .column span.alert{background-color:#e51400;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-violet-soft{background:linear-gradient(to bottom,#80c,#a0f) left top repeat-x #a0f;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-violet-soft .column span.alert{background-color:#f0e277;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-magenta{background:linear-gradient(to bottom,#a50058,#d80073) left top repeat-x #d80073;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-magenta .column span.alert{background-color:#1681b4;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-magenta-soft{background:linear-gradient(to bottom,#a50058,#d80073) left top repeat-x #d80073;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-magenta-soft .column span.alert{background-color:#85cdf0;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-crimson{background:linear-gradient(to bottom,#6f0019,#a20025) left top repeat-x #a20025;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-crimson .column span.alert{background-color:#b0cc22;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-crimson-soft{background:linear-gradient(to bottom,#6f0019,#a20025) left top repeat-x #a20025;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-crimson-soft .column span.alert{background-color:#cee077;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-amber{background:linear-gradient(to bottom,#bf8208,#f0a30a) left top repeat-x #f0a30a;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-amber .column span.alert{background-color:#0050ef;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-amber-soft{background:linear-gradient(to bottom,#bf8208,#f0a30a) left top repeat-x #f0a30a;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-amber-soft .column span.alert{background-color:#bbd0fb;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-brown{background:linear-gradient(to bottom,#5c401f,#825a2c) left top repeat-x #825a2c;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-brown .column span.alert{background-color:#e3c800;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-brown-soft{background:linear-gradient(to bottom,#5c401f,#825a2c) left top repeat-x #825a2c;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-brown-soft .column span.alert{background-color:#f0e277;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-steel{background:linear-gradient(to bottom,#4e5d6c,#647689) left top repeat-x #647689;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-steel .column span.alert{background-color:#e51400;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-steel-soft{background:linear-gradient(to bottom,#4e5d6c,#647689) left top repeat-x #647689;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-steel-soft .column span.alert{background-color:#f0e277;color:#000;}#Config_ReportPrefs_Builder>form>div{margin-bottom:10px;}#Config_ReportPrefs_Builder .report ul{margin-left:10px;}#Config_ReportPrefs_Builder .theme>select{margin-left:10px;}#Config_ReportPrefs_Builder .filter>select{margin-left:10px;}#Config_ReportPrefs_Builder .filter div.options{display:none;background-color:#fff;border:1px dashed #ccc;margin-top:4px;margin-left:15px;padding:2px 6px;}#Config_ReportPrefs_Builder .filter div.options .method{margin-top:4px;margin-bottom:8px;}#Config_ReportPrefs_Builder .filter div.options .method label{margin-right:14px;}#Config_ReportPrefs_Builder #Config_ReportPrefs_Builder_Components{display:flex;justify-content:space-around;}#Config_ReportPrefs_Builder_Buttonpane{padding-right:.3em;}#Config_ReportPrefs_Builder_Buttonpane textarea{float:left;font-family:Consolas,"Courier New",monospace;color:#333;width:calc(100% - 1.2em - 10px);border:1px solid #ccc;white-space:pre;min-height:0;}#Config_ReportPrefs_Builder_Buttonpane i{float:right;cursor:pointer;margin:.3em .2em 0 0;color:#335a87;}#Config_ReportPrefs_Builder_Buttonpane i:hover{color:#5e8cc2;}#Config_ReportPrefs_Builder_Buttonpane .ui-dialog-buttonset{display:none;}#Config_Location{margin-top:10px;}#Config_Location #Config_Location_Unrestricted,#Config_Location #Config_Location_List,#Config_Location #Config_Location_Optional,#Config_Location #Config_Location_Restricted{display:none;margin-top:6px;}#Config_Location_List_Dialog{display:none;}#Config_Location_List_Dialog #Config_Location_List_Dialog_ListContainer{height:280px;overflow-y:auto;background-color:#fff;border:1px solid #d8d8d8;}#Config_Location_List_Dialog #Config_Location_List_Dialog_None{padding-top:15px;display:block;text-align:center;}#Config_Location_List_Dialog #Config_Location_List_Dialog_AddContainer{padding-top:10px;padding-left:10px;}#Config_Location_List_Dialog #Config_Location_List_Dialog_List li{padding:2px 0 2px 4px;cursor:pointer;}#Config_Location_List_Dialog #Config_Location_List_Dialog_List li:hover{background-color:#f4f4f4;}#Config_Location_List_Dialog #Config_Location_List_Dialog_List li:hover .remove{opacity:.8;}#Config_Location_List_Dialog #Config_Location_List_Dialog_List li .remove{margin-top:2px;padding-right:6px;float:right;cursor:pointer;opacity:0;color:#e51400;font-size:1.3em;}#Config_Location_List_Dialog #Config_Location_List_Dialog_List li .remove:hover{opacity:1;}#Config_Location_ListImport_Dialog{display:none;}#Config_Location_ListImport_Dialog #Config_Location_ListImport_Dialog_Overwrite_Container{margin:6px 0;}#Config_Location_ListImport_Dialog #Config_Location_ListImport_Dialog_LocationList{box-sizing:border-box;width:100%;height:200px;margin:0 auto;}#Config_JobPref_General #InitialCommentsTemplate{margin-top:4px;min-width:calc(100% - 43px);min-height:40px;height:auto;field-sizing:content;}#Config_JobPref_Expressions{margin-top:10px;}#Config_JobPref_Expressions textarea{height:16px;min-height:16px;overflow:hidden;font-family:Consolas,"Courier New",monospace;}#Config_JobQueues_Index i{width:1.28571429em;text-align:center;}#Config_JobQueues_Icon{display:block;margin:0 0 10px 10px;}#Config_JobQueues_Icon_Update_Dialog{display:none;}#Config_JobQueues_Icon_Update_Dialog div.colours{text-align:center;font-size:30px;}#Config_JobQueues_Icon_Update_Dialog div.colours i{cursor:pointer;padding:1px;opacity:.9;}#Config_JobQueues_Icon_Update_Dialog div.colours i:hover{opacity:1;}#Config_JobQueues_Icon_Update_Dialog div.colours i.selected{opacity:1;}#Config_JobQueues_Icon_Update_Dialog div.icons{text-align:center;font-size:30px;background-color:#fff;border:1px solid #d1d1d1;margin:6px 0 14px 0;}#Config_JobQueues_Icon_Update_Dialog div.icons i{width:1.28571429em;text-align:center;cursor:pointer;padding:4px 0;color:#333;opacity:.6;}#Config_JobQueues_Icon_Update_Dialog div.icons i:hover{opacity:.9;color:inherit;}#Config_JobQueues_Icon_Update_Dialog div.icons i.selected{opacity:1;color:inherit;}#Config_JobQueues_JobSubTypes_Update{margin:8px 0;}#Config_JobQueues_JobSubTypes_Update_Dialog #Config_JobQueues_JobSubTypes_Update_Dialog_Types{margin:0 0 8px 0;}#Config_JobQueues_JobSubTypes_Update_Dialog .jobTypes{padding:6px 0;}#Config_JobQueues_JobSubTypes_Update_Dialog .jobTypes .jobSubTypes{background-color:#f2f2f2;border-left:4px solid #d8d8d8;padding:4px 0 4px 8px;margin:4px 0 0 6px;}#Config_JobQueues_JobSubTypes_Update_Dialog .checkboxBulkSelectContainer{font-size:.8em;}#Config_JobQueues_Subjects li,#Config_JobQueues_Subjects_Update_Dialog_List li{padding:4px 0 4px 4px;}#Config_JobQueues_Subjects li i.fa-user,#Config_JobQueues_Subjects_Update_Dialog_List li i.fa-user,#Config_JobQueues_Subjects li i.fa-users,#Config_JobQueues_Subjects_Update_Dialog_List li i.fa-users{width:1.28571429em;text-align:center;}#Config_JobQueues_Subjects_Update_Dialog{display:none;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_ListContainer{height:280px;overflow-y:auto;background-color:#fff;border:1px solid #d8d8d8;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_None{padding-top:15px;display:block;text-align:center;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_AddContainer{padding-top:10px;padding-left:10px;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_List li{cursor:pointer;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_List li:hover{background-color:#f4f4f4;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_List li:hover .remove{opacity:.8;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_List li .remove{margin-top:2px;padding-right:6px;float:right;cursor:pointer;opacity:0;color:#e51400;font-size:1.3em;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_List li .remove:hover{opacity:1;}#Config_UserFlags_Show #UserFlag_OnAssignmentExpression,#Config_UserFlags_Show #UserFlag_OnUnassignmentExpression{height:16px;min-height:16px;overflow:hidden;font-family:Consolas,"Courier New",monospace;}#Config_UserFlags_Index i{width:1.28571429em;text-align:center;}#Config_UserFlags_Icon{display:block;margin:0 0 10px 10px;}#Config_UserFlags_Icon_Update_Dialog{display:none;}#Config_UserFlags_Icon_Update_Dialog div.colours{text-align:center;font-size:30px;}#Config_UserFlags_Icon_Update_Dialog div.colours i{cursor:pointer;padding:1px;opacity:.9;}#Config_UserFlags_Icon_Update_Dialog div.colours i:hover{opacity:1;}#Config_UserFlags_Icon_Update_Dialog div.colours i.selected{opacity:1;}#Config_UserFlags_Icon_Update_Dialog div.icons{text-align:center;font-size:30px;background-color:#fff;border:1px solid #d1d1d1;margin:6px 0 14px 0;}#Config_UserFlags_Icon_Update_Dialog div.icons i{width:1.28571429em;text-align:center;cursor:pointer;padding:4px 0;color:#333;opacity:.6;}#Config_UserFlags_Icon_Update_Dialog div.icons i:hover{opacity:.9;color:inherit;}#Config_UserFlags_Icon_Update_Dialog div.icons i.selected{opacity:1;color:inherit;}#Config_UserFlags_BulkAssign_ModeDialog>div{margin-top:6px;background-color:#fff;line-height:1.3em;border:1px solid #ddd;}#Config_UserFlags_BulkAssign_ModeDialog>div>div{display:block;padding:4px;cursor:pointer;}#Config_UserFlags_BulkAssign_ModeDialog>div>div:not(:last-child){border-bottom:1px dashed #ddd;}#Config_UserFlags_BulkAssign_ModeDialog>div>div h5{font-size:1.1em;padding:4px 0;}#Config_UserFlags_BulkAssign_ModeDialog>div>div i{margin-right:4px;}#Config_UserFlags_BulkAssign_ModeDialog>div>div.add:hover{background-color:#eeffde;}#Config_UserFlags_BulkAssign_ModeDialog>div>div.add i{color:#60a917;}#Config_UserFlags_BulkAssign_ModeDialog>div>div.override:hover{background-color:#ffe1de;}#Config_UserFlags_BulkAssign_ModeDialog>div>div.override i{color:#e51400;}#Config_UserFlags_BulkAssign_AssignDialog .brief{margin:0 0 8px 0;}#Config_UserFlags_BulkAssign_AssignDialog .brief .scopeDescBulkGenerate{font-weight:600;}#Config_UserFlags_BulkAssign_AssignDialog .brief div.examples{margin:8px auto;width:300px;}#Config_UserFlags_BulkAssign_AssignDialog .brief div.examples div{margin:2px 4px 2px 0;width:150px;float:left;}#Config_UserFlags_BulkAssign_AssignDialog .brief div.examples div.example1{width:100px;}#Config_UserFlags_BulkAssign_AssignDialog div.loading{display:none;padding:40px 0;text-align:center;}#Config_UserFlags_BulkAssign_AssignDialog div.loading i{margin-right:10px;color:#1e6dab;}#Config_UserFlags_BulkAssign_AssignDialog #Config_UserFlags_BulkAssign_AssignDialog_UserIds{height:200px;margin-bottom:8px;}#Config_UserFlags_BulkAssign_AssignDialog textarea{width:calc(100% - .5em);margin:0;}#Config_UserFlags_BulkAssign_AssignDialog.loading>div.loading{display:block;}#Config_UserFlags_BulkAssign_AssignDialog.loading>form{display:none;}#UserFlag_Export #UserFlag_Export_Fields #UserFlag_Export_Fields_Defaults{font-size:.75em;}#UserFlag_Export #UserFlag_Export_Fields th{font-size:1.05em;}#UserFlag_Export #UserFlag_Export_Fields th span{margin-top:4px;font-size:.8em;}#Config_DeviceFlags_Show #DeviceFlag_OnAssignmentExpression,#Config_DeviceFlags_Show #DeviceFlag_OnUnassignmentExpression{height:16px;min-height:16px;overflow:hidden;font-family:Consolas,"Courier New",monospace;}#Config_DeviceFlags_Index i{width:1.28571429em;text-align:center;}#Config_DeviceFlags_Icon{display:block;margin:0 0 10px 10px;}#Config_DeviceFlags_Icon_Update_Dialog{display:none;}#Config_DeviceFlags_Icon_Update_Dialog div.colours{text-align:center;font-size:30px;}#Config_DeviceFlags_Icon_Update_Dialog div.colours i{cursor:pointer;padding:1px;opacity:.9;}#Config_DeviceFlags_Icon_Update_Dialog div.colours i:hover{opacity:1;}#Config_DeviceFlags_Icon_Update_Dialog div.colours i.selected{opacity:1;}#Config_DeviceFlags_Icon_Update_Dialog div.icons{text-align:center;font-size:30px;background-color:#fff;border:1px solid #d1d1d1;margin:6px 0 14px 0;}#Config_DeviceFlags_Icon_Update_Dialog div.icons i{width:1.28571429em;text-align:center;cursor:pointer;padding:4px 0;color:#333;opacity:.6;}#Config_DeviceFlags_Icon_Update_Dialog div.icons i:hover{opacity:.9;color:inherit;}#Config_DeviceFlags_Icon_Update_Dialog div.icons i.selected{opacity:1;color:inherit;}#Config_DeviceFlags_BulkAssign_ModeDialog>div{margin-top:6px;background-color:#fff;line-height:1.3em;border:1px solid #ddd;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div{display:block;padding:4px;cursor:pointer;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div:not(:last-child){border-bottom:1px dashed #ddd;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div h5{font-size:1.1em;padding:4px 0;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div i{margin-right:4px;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div.add:hover{background-color:#eeffde;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div.add i{color:#60a917;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div.override:hover{background-color:#ffe1de;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div.override i{color:#e51400;}#Config_DeviceFlags_BulkAssign_AssignDialog .brief{margin:0 0 8px 0;}#Config_DeviceFlags_BulkAssign_AssignDialog .brief .scopeDescBulkGenerate{font-weight:600;}#Config_DeviceFlags_BulkAssign_AssignDialog .brief div.examples{margin:8px auto;width:300px;}#Config_DeviceFlags_BulkAssign_AssignDialog .brief div.examples div{margin:2px 4px 2px 0;width:150px;float:left;}#Config_DeviceFlags_BulkAssign_AssignDialog .brief div.examples div.example1{width:100px;}#Config_DeviceFlags_BulkAssign_AssignDialog div.loading{display:none;padding:40px 0;text-align:center;}#Config_DeviceFlags_BulkAssign_AssignDialog div.loading i{margin-right:10px;color:#1e6dab;}#Config_DeviceFlags_BulkAssign_AssignDialog #Config_DeviceFlags_BulkAssign_AssignDialog_DeviceSerialNumbers{height:200px;margin-bottom:8px;}#Config_DeviceFlags_BulkAssign_AssignDialog textarea{width:calc(100% - .5em);margin:0;}#Config_DeviceFlags_BulkAssign_AssignDialog.loading>div.loading{display:block;}#Config_DeviceFlags_BulkAssign_AssignDialog.loading>form{display:none;}#DocumentTemplate_BulkGenerate .actions{padding-bottom:.5em;text-align:right;}#DocumentTemplate_BulkGenerate table{max-width:850px;margin:auto;}#DocumentTemplate_BulkGenerate table tr.when-none{text-align:center;font-style:italic;}.dialog-item-picker{height:300px;overflow-y:auto;background-color:#fcfcfc;border:1px solid #ccc;}.dialog-item-picker>div{background-color:#fff;border-bottom:1px solid #ddd;padding:6px 0 6px 6px;cursor:pointer;}.dialog-item-picker>div:hover{background-color:#f4f4f4;}.dialog-item-picker>div.selected,.dialog-item-picker>div.selected:hover{background-color:#eee;}.dialog-item-picker>div.disabled{cursor:not-allowed;background-color:#f4f4f4;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List{height:120px;overflow-y:auto;background-color:#fff;border:1px solid #d8d8d8;margin-bottom:10px;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List li{cursor:pointer;margin:2px 4px;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List li:hover{background-color:#f4f4f4;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List li:hover .remove{opacity:.8;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List li .remove{margin-top:2px;padding-right:6px;float:right;cursor:pointer;opacity:0;color:#e51400;font-size:1.3em;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List li .remove:hover{opacity:1;}#DocumentTemplate_Export #DocumentTemplate_Export_Fields #DocumentTemplate_Export_Fields_Defaults{font-size:.75em;}#DocumentTemplate_Export #DocumentTemplate_Export_Fields th{font-size:1.05em;}#DocumentTemplate_Export #DocumentTemplate_Export_Fields th span{margin-top:4px;font-size:.8em;}
\ No newline at end of file
+.tableData{border:solid 1px #f4f4f4;border-collapse:collapse;}.tableData>tbody>tr>td{border:solid 1px #f4f4f4;background-color:#fff;}.tableData>tbody>tr:nth-child(odd)>td{background-color:hsl(0,0%,98.5%);}.tableData>thead>tr>th,.tableData>tbody>tr>th{background-color:#f4f4f4;border:solid 1px #f4f4f4;}.tableData>tbody>tr:hover>td{background-color:hsl(0,0%,97.5%);}.tableData>tfoot>tr>th,.tableData>tfoot>tr>td{background-color:#f4f4f4;}.tableDataDark{border:solid 1px #d8d8d8;border-collapse:collapse;}.tableDataDark td{border:solid 1px #d8d8d8;background-color:#fff;}.tableDataDark th{background-color:#eee;border:solid 1px #d8d8d8;}.tableDataContainer{background-color:#fff;}.tableDataVertical{border:solid 1px #f4f4f4;border-collapse:collapse;}.tableDataVertical>tbody>tr:nth-child(odd){background-color:#f4f4f4;margin:0;padding:0;}.tableDataVertical>tbody>tr>th.name{width:170px;text-align:right;}.tableDataVertical table.sub>tbody>tr:not(:first-child)>th,.tableDataVertical table.sub>tbody>tr:not(:first-child)>td{border-top:1px dashed #aaa;}.tableDataVertical table.sub>tbody>tr>th{font-weight:normal;text-align:right;}.tableDataVertical table.sub>tbody>tr>th.name{text-align:right;}.icon16{display:inline-block;height:16px;width:16px;margin-left:2px;cursor:pointer;}.subtleUntilHover{-moz-opacity:.3;opacity:.3;}.subtleUntilHover:hover{-moz-opacity:1;opacity:1;}#updateAvailableContainer{float:right;border:1px dashed #ddd;background-color:#fff;font-size:.6em;line-height:1em;padding:10px 10px 4px 70px;text-align:right;height:50px;}#updateAvailableContainer i{position:absolute;display:block;height:64px;width:64px;vertical-align:middle;margin-left:-70px;font-size:50px;color:#e51400;}#updateAvailableContainer button{font-size:12px;margin-top:8px;}.Config_HideAdvanced .Config_HideAdvanced_Item{display:none;}.Config_LinkedGroup_Instance{margin:4px 0 8px 4px;padding:4px 0 4px 6px;border-left:4px solid #ccc;background-color:#fff;}.Config_LinkedGroup_Instance div.code{margin-left:2px;}#Config_LinkedGroup_Dialog h3{margin-bottom:6px;}#Config_LinkedGroup_Dialog table.input{margin-top:12px;}#Config_LinkedGroup_Dialog table.input th{text-align:right;}#expressionEditor #expressionEditorExceptionContainer{display:none;border:1px dashed #ff9696;background-color:#ffd8d8;margin:10px 0;padding:10px;}#expressionEditor #expressionEditorContainer{border:1px solid #1e6dab;background-color:#f4f4f4;height:100px;}.expressionTree span.dynatree-node span.dynatree-icon{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAAAQCAYAAACm53kpAAAGFklEQVRYw+WVe1BUVRzHvwE+QE0ZLF1Y3gTGSxIl4rk85KHFe0cUiIc8IjNx8gUmLJAFpbIKKJmmCSOi4q48zAe6LqAoioiIMlpOqYWxKCroWFNzO2eXXRdYCBqmf/rNfPece+6598738/ud3wJjHPV8WNwphoSO+L+F3HznWaTVbcGDsYQggkhjJPucWIhcGYYP5xnAKnkh0n1skcGxRobzLGx0MsYmR2MUO5qBMzEAiXhvxmLZU94tq/rJqzUV3q08zL+ei/lt+fC9sRt+N0vh334U/rdOYMEtMRnPqzL/4CxSu46jQFIJgSoI93FfZ7Tmi1FsVoSitWuwhv1Pe51ZcO0+g0BHNkqYH7BVrueXsPlhDYou7cYhrh2OOCzCdhQg7SWAcCYK4X/GIPyPBHBfJIP7fAWCe1chuGc9Qp5kIfhRDgIfbkHQo0IESnaCI74yKPNnkNZ5HPldxLxEiEuSw7i7fgl65BCo+Soc2zkaCHLzZSgLpeM2bBsWAscSM90McID5GTuy41BKzfdexOYn51Ao+R5lvwpR9bsAP65chr0z+TijqgLWw7dtI/zatsoy315GVA2/WyJp1uVyr7k6oOxT5ea7BGgk5u+pMt+N7pCRQtiP/VbUdA1qPLrxNLgFrR/T6wLsMlRscj+bpZAdn+tph5SeBvDi/HGYQjCfjObHtdj+8CRKOwQQ/XIIVyT78GhRFAQ6n6NJ9hKrZeGKF3IZdXDIefO/PQH2l7UQUD8FLnXaZG060Uy8c14PnAYjsJwa6Xb5me86KSv7LpL5riEyT8334FmSCOK8T7D6mrLZjhaEpacjFKzxoTAOWE2W1KhZUgFBj9ETRp+juozmFXQ9D3ksBYBIJgJOe32o+S4xPp1riKqGPdho+BrKKQQWxtXe3IMm8SbcFeWi8zMuJDPsIdLNxg3Z1y2TImUTRk1m/tiEoA78NlDwJOZd6gxg/r6/HAA1WZSCJ5IqCKVlL8BVah4Gvny5TuF0/kDzI6mADcgQfIEcfjOuLXmKZ/H0eTImilGfFI3Yo2SLuhSAV5MfNX9hH1Kpeeh4rHEwQnXjN/hWG69WMBfxk/F0dKpD84W1If4y0oJQ3Q779Xno6AMQG0vMvwKTwHUwWpgJQ/+vpIbJolzSa11XMdhuF5QBKEPoKsc9OioaHwXQVwE7satOlXma+RqhLPseC0gFsNVDYeCQRO/xkCkUQLjtJYTemFa0xcUjsTwa0S1kyzjoe7rRvW5u0Hcxw3d2s2BEr+cYw5VCaNqOFu1x6B0PtWJomyTLvzvRHxFTQ3FPdmUekaAq44MqwE1sTPTGQADKEPp1/T4AcgjUvCHIO0YYPGSVC1FRWI1qfg5y8w6hPGkpEk6kI6MuDnH9ADA8aFApHj54UB3qk0M9zUijM42yRgTDxiSdE6q/ZLYoWTnj0rmhTyH0vfaQD5RBn1MBPfeTJPu10HNpgFVK2EAAcgj9FpQA0JCaj68tQbyIPfD8C0sRFvcBQlnWCAHbdqnsCGyYRyAIjqKyoAKVW2MQ25yJzLoVSGkk82sc8ncO9nz3QQB4PDUsJz0soH0KFt+ZIVU0Yzo0AFPuR4OyLW16jaTpndaDH2l6nPNmcK63gHOjFWanRaoCMCiUAVDT1HwWkwiPYzUDIQxdBTzbLGQLDqCsiGZ9LdY1RCPmeglKLKUb9H1dZUmMipKKIUdZPldWFPPmsABId9eESbCiB8DQuxAGpAL0PA7A85yptAJoD6AVMFoAyuaXX8+Wzu2/ZkZ6FHKRa0ErIRZLmyMR2c4H31ZxU9+n/xE4SP7FSBNHkGgaQm6wwG03RsRNG8Qxs4cHYNsyCd6npsLrog6czr1Osq0Lb9LxXepMiMzhdcGSyBauDXNGBYBKlfkRVoA88pFvswQRt7OQZd/vRh8ARaa5zHjVFfBs7vAAqHldZwuwA21gnjAPs9e64C2eNxy+fBeOeSFw2hGu0EgBKJe/077Gf2t+2DAKfLtfBTCMpkJHGB3wGANkMJbIYWyGB0ANjVajCWp6rM3T0Ji2ifxUQV2rQqHxU4i0KomqoKHZN06sGhrAfxVjbX4M4m/gZza+uQwOHQAAAABJRU5ErkJggg==);background-position-y:0;}.expressionTree span.dynatree-node.object span.dynatree-icon{background-position-x:0;}.expressionTree span.dynatree-node.parameter span.dynatree-icon{background-position-x:-16px;}.expressionTree span.dynatree-node.function span.dynatree-icon{background-position-x:-32px;}.expressionTree span.dynatree-node.property span.dynatree-icon{background-position-x:-48px;}table.expressionsTable{border:solid 1px #f4f4f4;border-collapse:collapse;}table.expressionsTable>tbody>tr>td{border:solid 1px #f4f4f4;background-color:#fff;}table.expressionsTable>tbody>tr:nth-child(odd)>td{background-color:hsl(0,0%,98.5%);}table.expressionsTable>thead>tr>th,table.expressionsTable>tbody>tr>th{background-color:#f4f4f4;border:solid 1px #f4f4f4;}table.expressionsTable>tbody>tr:hover>td{background-color:hsl(0,0%,97.5%);}table.expressionsTable>tfoot>tr>th,table.expressionsTable>tfoot>tr>td{background-color:#f4f4f4;}table.expressionsTable td.parseError{background-color:#ffd8d8;}#AttachmentType_FilterExpression{width:375px;}#deviceComponents{border:solid 1px #f4f4f4;border-collapse:collapse;}#deviceComponents>tbody>tr>td{border:solid 1px #f4f4f4;background-color:#fff;}#deviceComponents>tbody>tr:nth-child(odd)>td{background-color:hsl(0,0%,98.5%);}#deviceComponents>thead>tr>th,#deviceComponents>tbody>tr>th{background-color:#f4f4f4;border:solid 1px #f4f4f4;}#deviceComponents>tbody>tr:hover>td{background-color:hsl(0,0%,97.5%);}#deviceComponents>tfoot>tr>th,#deviceComponents>tfoot>tr>td{background-color:#f4f4f4;}#deviceComponents tr th.actions{width:20px;}#deviceComponents tr input.description{width:300px;}#deviceComponents tr input.cost{width:75px;}#deviceComponents tr i.remove{font-size:1.6em;color:#e51400;cursor:pointer;opacity:.8;}#deviceComponents tr i.remove:hover{opacity:1;}#deviceComponents tr i.fa-list-alt{color:#1e6dab;font-size:1.6em;cursor:pointer;}#deviceComponents tr i.fa-asterisk{color:#fa6800;font-size:1em;left:10px;top:3px;cursor:pointer;}#deviceComponents tr input.updating{background-position:right center;background-repeat:no-repeat;background-image:url(data:image/gif;base64,R0lGODlhEAALAPQAAP///zNah+Hm7dng6O7x9DddiTNah1d3nJqtw3+Xs8fS3k5vlm6JqaGzx4KatcrU4FFymDZciHGMq+ru8t/l7Pb3+V9+oeLo7vT2+MTP3LLB0dTc5fHz9gAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh/hpDcmVhdGVkIHdpdGggYWpheGxvYWQuaW5mbwAh+QQJCwAAACwAAAAAEAALAAAFLSAgjmRpnqSgCuLKAq5AEIM4zDVw03ve27ifDgfkEYe04kDIDC5zrtYKRa2WQgAh+QQJCwAAACwAAAAAEAALAAAFJGBhGAVgnqhpHIeRvsDawqns0qeN5+y967tYLyicBYE7EYkYAgAh+QQJCwAAACwAAAAAEAALAAAFNiAgjothLOOIJAkiGgxjpGKiKMkbz7SN6zIawJcDwIK9W/HISxGBzdHTuBNOmcJVCyoUlk7CEAAh+QQJCwAAACwAAAAAEAALAAAFNSAgjqQIRRFUAo3jNGIkSdHqPI8Tz3V55zuaDacDyIQ+YrBH+hWPzJFzOQQaeavWi7oqnVIhACH5BAkLAAAALAAAAAAQAAsAAAUyICCOZGme1rJY5kRRk7hI0mJSVUXJtF3iOl7tltsBZsNfUegjAY3I5sgFY55KqdX1GgIAIfkECQsAAAAsAAAAABAACwAABTcgII5kaZ4kcV2EqLJipmnZhWGXaOOitm2aXQ4g7P2Ct2ER4AMul00kj5g0Al8tADY2y6C+4FIIACH5BAkLAAAALAAAAAAQAAsAAAUvICCOZGme5ERRk6iy7qpyHCVStA3gNa/7txxwlwv2isSacYUc+l4tADQGQ1mvpBAAIfkECQsAAAAsAAAAABAACwAABS8gII5kaZ7kRFGTqLLuqnIcJVK0DeA1r/u3HHCXC/aKxJpxhRz6Xi0ANAZDWa+kEAA7AAAAAAAAAAAA);}#organisationAddresses{font-size:.9em;}#organisationAddresses tr:not(:last-child){border-bottom:1px dashed #aaa;}#organisationAddresses th{padding:2px;font-weight:600;width:200px;}#organisationAddresses td{padding:2px;vertical-align:middle;}#organisationAddresses tr:nth-child(even){background-color:#fff;}#organisationAddresses i.fa{font-size:1.7em;cursor:pointer;}#organisationAddresses i.fa.delete{color:#e51400;opacity:.8;}#organisationAddresses i.fa.delete:hover{opacity:1;}#organisationAddresses i.fa.edit{color:#1e6dab;}ul#loggingEntries{overflow:auto;max-height:230px;padding-left:20px;}table.deviceProfileTable th.name{width:300px;}table.deviceProfileTable th.type{width:120px;}table.deviceProfileTable th.deviceCount{width:120px;}#configurationDeviceProfileShow #displayComputerNameTemplate{margin:0 0 6px 0;}#configurationDeviceProfileShow #displayOrganisationalUnit{margin:0 0 6px 0;}#dialogComputerNameTemplate #ComputerNameTemplate{box-sizing:border-box;height:48px;width:100%;font-family:Consolas,"Courier New",monospace;}#dialogOrganisationalUnit .enforceOrganisationalUnit{line-height:2.2em;}#dialogOrganisationalUnit .organisationalUnitTree{height:380px;}#dialogOrganisationalUnit .organisationalUnitTree span.fancytree-node{padding:1px;border:0;}#dialogOrganisationalUnit .organisationalUnitTree span.fancytree-node>span.fancytree-icon{background:none;display:inline-block;font-family:FontAwesome;font-size:1.2em;width:14px;}#dialogOrganisationalUnit .organisationalUnitTree span.fancytree-ico-ef>span.fancytree-icon:before{color:#1e6dab;font-size:1em;content:"";}#dialogOrganisationalUnit .organisationalUnitTree span.fancytree-ico-cf>span.fancytree-icon:before{color:#1e6dab;font-size:1em;content:"";}#dialogOrganisationalUnit .organisationalUnitTree ul.fancytree-container>li>span>span.fancytree-icon:before{color:#fa6800;font-size:1em;content:"";}#dialogOrganisationalUnit .organisationalUnitTree span.fancytree-node.fancytree-selected{font-style:normal;background:none;}#Config_System_AD_SearchScope_Dialog_Loading,#dialogOrganisationalUnit_Loading{text-align:center;padding:40px 0;}#Config_Expressions_Browser{padding-right:275px;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAA6BUlEQVR42u19XZPcxnX2cwDM7FKkZIUph6JykcR2uWzKJdJSyqlKLIl59WU78aXzC3KVm1ynKlf5HclFKjepsuutKBU7ViL5ZSw5CcXQUtmhaFESRZpcLj+X3M/5Avq8FzPANBoNoAE0MLO7fVTUzjQwGACD53w85/RpYmY4ceLkcIrnboETJ04BOHHixCkAJ06cOAXgxIkTpwCcOHHiFIATJ06cAnDixIlTAE6cOHEKwIkTJ04BOHHixCkAJ06cOAXgxIkTpwCcOHHiFIATJ06cAnDixIlTAE6cOHEKwIkTJ04BOHHixCkAJ06cOAXgxIkTpwCcOHHiFIATJ06cAnDixIlTAE6cOHEKwIkTJ04BOHHixCkAJ06cOAXgxIkTpwCcOHHiFIATJ06cAnDixIlTAE6cOCmVoGyH7//g//6/v/27v4XvB/A8wPcCBIEPogBeQCAi9Hwf5PXR7/nwfIIf9NEPfPi9/pkjK/0PQB6YBYgInkcAPLCIAPIBIrAIQb4HCAFQD/AEfAaE7wGRAMMDEMH3PHAkwOyB2QP5DGYGMYFJgCMGfMAjgAGwEGAhQOSBCPCIIAQAMIRgIPBAACAAQQwIwPd9gAlhxPDAECTgeQARATz9PsGMYHbuRIwoigB48AMPIhJgAjgCmAUCHxAcgEhAsAePp+OiR8AkBIjQ8zwIIQDPAzMgIgGPpufNIMAnsCD4AAACBwwPHogBAkF4Aux5AHkgZviRmH6GGQQCaPa9PjAZjeD5Plj48BCCGfA8QigiCDH9PHMEDjwgihAy0ANhPBYIeoyxEBBjAd9jRBHAFGHMDEwmIA5AxBAeg8MQghns94GxAFaA6cUJQHjwKQB6AqEQCISA8HoIGPB9giAGMWMCIBA+gB68I4yIGR4zViiAEAL02ApoPEbEjMf6j2E0YtBjABMBAI4CCMM+6DEA3vR6jhABCCCC6W8aCAHf9xFFK6CjBMGMY0SIogie1wewAvhDHDtyJGU3I2L0iHDs2LHpfSYPAtPzjqIIe3t72Nraw3jFBwYDRKMRwjCEEALDMETEjBUiCCEwmUwQAeAomj6PAJgZkzDESr8/feamDy48z4PnTe329Lyj5HUQBMm2P/uzPwMz4/Tp039chG9i5kIF8NZPfsIeeckXT/8RyPPh0/Tv9L0H3/NARPB9H0QePJ8Q+AHiq6L51yrvZ+8oc3qaYSraNTOoG9MMTgFuNAajb5kOkWbIdExzOORtUO5n7pjmbEl71Nzv0X9WdxAquY6i79Ef03ws93HX7Jczpr03VHC/5sI8BTCzQIwvIabGg8GJIZH/xaAX8XvNPtPdpspA/gznHE8IgS9/+cvUyAN49PDRFPS+D3+mAHzfnysDZZxovt33PfR6vRqArgJ8PciJTMaqAL+KgmgCfA3UK4G8CvBrjJWATw/8grHaIM8DfhHIGeD5GOvGpmYR0p+pF0azrZmx9DUxJCAKGZQieS1koPIc0Oo/kfd5IVIgz1MCsdfQSAGASAEZSePy40YJyOJ/89vjgF8OcovApwL/5FAC39ziN35GJYeapVOVHW35syz99jSz6DpvM/X52YZp6EHSPqx93UwBSDeJiDQ/xuziSX76aH4BGaAePuAXg7wm8EnzCDcFPlUH6X4EPmniH2vPqPx7xm56HsjjMWm/PEDnjetDEDZWAkE5+CkTm8X/pW8epfGfEz8dVOBXB7kB8AtBXhP4hSA/OMAvjttbAH48JlvhHGVANA015mMZn6AQ9LrxKqCvGAJAcfXlMUp5AdKfGftMDvhlY5VBbgB8sjHmgF9njHPoTVb8eZL2zXP1855FFeQ68LMtBUA6V1/x9omU/WRmgIpuIBUkAJYH+EQFXLwDfufALwX5AoBfarVTNp5Sj0QTV1+3j5xFsMIBSJwflIA/m9pLFEI2FrAHfIKGX2sI8qKUX12QF6X3FgX8vCxBE+BXO6bJWC2Qtw788ufWBMxz4Ntz9bki+WfuAZD8CM1vSBocBMqQIakIoAbwdSBvBvzquf66IG8K/DxvoQnImwK/5LxrgTybvG8OfIJmU+vAL6PuTS17VVc/Ab+hxa/hAVDG1U+drJzyS+cApZ+4O+A3j+91ALRR0GMC8kUDv4ZXUgvkTYGv8xaaAt+Cp0qUJgENyL0yhaAW92S2FREHdhRA1jiQBHLS/JCUihnyUyXLBXw7xTv1QF4F+E0LguwD3xzkVYBfAPLawDcFeXWLryUBDci9IldfC3pVaTQAvzEJKLsAlLpgyhQE+X4wqwQkBIGPfj+QgDwvKqLUzSOQh/R+s78ySJJwhNL7pvaRPJOUD6IdS59DShno9lUfUkp7OHPHJ32PUp4FZcMJKvCGVIVIVG6JTBVfkfUpsyymlodTqKj2sDKgtaGpMdYDlVFcrosUD28A/Bx3UXfv5Uq8+L06nir/lar5gGl1X1zTH1fzxZ9HmTdg3QMgklh+DeGHecrv/oN7ePen78wmCxE8z0MQBHPQzxTIXBHElYOxYom3Q7uP9jPSWNl2khWYfC7IbouVHRnsq92m/ax0Lbpz8ry5AjP9ntQxDa4rJ6as8zquTa+yX6PvU2JddUxHlOW+1h0r57XOFS/aXlannzsPoKCsl5kxGo3wp3/6p3jqqaeseQOB+a6UJgbVqj8Ak/EYt26t4cGDB5kyRSdOnNQTZsZ4PMYTTzyB4XBYSvxxQQhRkwSMyT5KA5+U9CAIvV4PJ0+exObmJq5cuYL79++7X9CJdYmBcNDlwYMH+JM/+RP85m/+ZuK5FIVfcZhgzQPwPIJHNJtTP/3reVO30ovdzdkU4XiGIBHh+PHjuH//PtbW1tzT6sRJBZE95xMnTuCJJ56Ye9QagLP8TxNeNPcAkKr9SZ2ojgSR487f/u3fxne/+11z8umQjbt74e7RYDDApUuXsLGxUagQOAf4SfzfSilwpvw3TTrFWyinJNc9/O7hd/cof/zWrVv41a9+hTAMjTyDRBnIYYAC/IQfsKEAUjwAdFN7SZkKDGs/knvI3T06qPdoMpng0qVLuHv3bqXwgHPAn/EGCniCagpALfBRmn+kwoScG5BX0ugefqcgDuO9uHv3Li5dumRk9TUH0nIAqJkKNJwNKLn6mrkAJNf9KxyA+8EdKNy9mFv9q1ev4te//nUlQlDHAbCBN2ApBJAqAFWLT3mz9EhbA+AefncvDus9evjwIT788EMMBgPUlVT8X+YNGKYDDUuBlZNQSEBSK/ZKbo4DhbsXh+keXb16FVevXoUNycT5edyArRBAtex5WinvvXv4nYI4rOPb29u4fPkytre3G4E+FQJIlp11Vl9VFM1JQErP8JXi/3QmUF+3btKp1D38TkEctPEbN27gypUrsCm6NKDO6vPMHTBxBoJ62ogyIYA+YGg3C+AefnePlm18OBzi8uXLePjwoXXwa0uBVW+g4sxLs7bgcQPQzLx30oYAy5IFcA+/u0ddjq+vr+Pjjz+ul94zJgHyiD8d+G2QgJSdCKwCXAf6ql1P3Li7R/v1Hk0mE1y+fLm1iW/5vRzkfgtVkn91QgBpnrsu7tfFKbob5x5+pyAO0r24f/8+Ll++3K7VzwG/bP7r9gUy8gCIyjWSvJ9JCOAefqcg9vO9CMMQn332GW7evNk62OWuQnPwzy2+ucNf2wNINwNRlYBMAhZ1nan6Q+mUTt6Ch+7hd/eiq3v06NEj/OpXv+qkJ4GcWeO02ZcIwbT3b7kSUB/36yx9Xm+6qiFAUQsr+ZhVPAv3kLt7ZGP82rVruHbtWqfuvppOz4T9Euyrtl80IwEzjSkpUxeQ6qPXIASQvzduMBJbfnnJY7XRonv4nYJoc3xnZwcfffQRdnZ2sCiJ1xRME38atCdpAYshABFp1gXQt9Sue+Nly+95Hnq93qzDsAchBIQQmEwmKSVQFmq4h98piKbjN2/exKeffrpY4LPi3yfWPgf8hm6A4cpA6XhA7QMovyrzAMpufPzZXq+HZ599Fi+88ALee+89XLlyBWEYYjKZJH+jKEoUQ9n3uIffKYiq48PhEFeuXMGjR4+waJkrgTLij+1zABpGIAP8TL1wyU0uWx7J9330ej2cPn0ap0+fxqNHj/A///M/+MlPfoLxeIzRaITJZJIogiiKUn3XF6UInII4GPdobW0N169f7zy9Z0IIFqX9q5YEBIbfrKwRKPMD6VWCVA+gahYg/myypsBMnnzySbzyyit45ZVX8Pbbb+ODDz7A7du3MR6PMR6PE88giqIUSZjnFbiH3ykCnYRhiI8++ggPHjzAMkkmDFCIvyw3YKYBDKYDp+v8SVcQBGjHyuLzon3yegoAwMsvv4yXX34Zly9fxvnz53H58mWMRqNEGcSKQA4N8rwCBwqnIGJ58OBBEmouv2hMP7cUAqhLeaXGlaahuhReFTdct3xSnnz1q1/FV7/6VTx69AgXLlzA22+/nSiC0WiUKIIoihINGnsIThE4BSFb/atXr+LOnTtLCfVsGjDf77eeBlSZQMoohOwikqoSqOL+A0AURQnRZyJPPvkkXn31Vbz66qt466238P777+P27duJMtCFB1ULipyCOJj3aHNzEx9//PHSLzQix/+sof0yJQGGSsCoH4Bs8eWmgFJ70HnXYE0WoMoPFS+oGIYhfvGLX+Af/uEf8Nxzz+GZZ54xulExT/Dhhx/i/PnzuHTpUuIRyOEBESUZhDZLlZ2CWN7xq1ev4tatW0vv7OvTgCgAfUYlNOEA5i2/NJMCNF2Dy3+AvB8kBj8AjMdjAMB//ud/4uLFi/iN3/gN/NEf/RG++c1vYnV1tfTCTp06hVOnTuHRo0d477338NZbb2E0GmE4HCYeQRiGiRKQ04nOOh7sa97d3cXHH3+M3d1d7CeZG1Vl8k/OxCA7HECG7NP0AZgXAWizAFV/KDmlF0URJpMJRqMR/vmf/xlvvvkmnn/+efzBH/wBfu/3fs8oPHjttdfw2muv4d///d/x/vvvY21tLQkNZGUQewWHySM4bArixo0blbryLgPo06E05xB/EgdgOw04XxFI6Q2QpAZ1i4bU+6HiEt8YiDEfMBqNEAQBhsMh3nnnHbz33nt46qmn8PWvfx2vvvqq0c2MeYIPP/wQH3zwAS5cuKDNHsQZBKcIDo6CGI1G+OSTT7C5uYn9KimjqyH+UkWAtjoCqXMBYrJPXgqEkF0XoE4IIKcC5bhH5gXG43GiCHZ3d3Hjxg28+eab+OY3v4nTp08beQVxePCd73wH58+fx5tvvpkiDGXSUE0nuvh6/ymI9fV13LhxY5+k90zJQNbNBUpts8IBxLBPr/5FCQmYQj/0HYHq/IByPUD8OibvwjCE53nwfR+j0QiDwQD/9m//hnPnzuHkyZN47rnnjLyCJ598Eq+//jpef/11/PSnP8XPfvYz3Lp1K+MVxNWGOm/FxdfLey/CMMQnn3ySu+jmfgN+qiegJvbXsAOWSMDE3yetMiCkVwuyuTCIrAjiMdkjmEwmiSIIggB7e3u4ceMGfvzjH+PVV1/F6dOncfLkydIb8eKLL+LFF1/EpUuX8P777+P8+fMYDAYYDofJOcQWxE04Wn4FsbGxgU8//fTAWP3MNWuIP9amBxqTgMgy/UlYkPUCyoBf9wdXZw3GYzqPIAgC9Ho9vPHGG/jxj3+ML3zhC/j617+OF154ofRyn3nmGTzzzDP4zne+g5/97Gd44403MsVEjmhbXgURhiGuXbuGe/fu4SBJogTyiL8CbsBCCKDz8ikdEkDfEKSN+fpqeBCn8GKQxnH8cDhEr9fDL3/5S3z00Uf4p3/6J7z22mt49tlnS72C48eP47vf/S6EEPjBD36AyWSSkJOOaFvO8a2tLXz66acYjUY4iDI1rjnEH2dYQJshgDIDkJBaErxscdC2Hn51nzg0iJWB53kJcRj/+5d/+Re8/fbb+NrXvpbMNCwS3/cRBAE8z9NOMHJE23KMX7t2Dbdv3z6wwGftMuAq8Ve9K6DZ4qCAkuyTXikLhpb9aG09CHLmQAiRAqxsteNQ4aOPPsLNmzdx7tw5/OVf/mXhzT9oKxwdJEWwt7eHTz/9FHt7ezjoQiSl2lluCaLrCgBbpcBSjJ9T9UcyMYhuuwKr4UA8lTgei6cVx7xAr9dDEAT48pe/jDNnzpR6AHEtQtn0YkfAdT++trbWSVfepSMBdeBnHT9oJQ2owD09G2hWIiyHA/kNPW0/CHkLlMSgj933Xq+HlZUVrK6u4vXXXzfODMSkklwY5JY6W/w5jUYjfPbZZ9ja2sJhkXQaML8HYNUgwHAuQLoNWGLvVUXQUQigZgE8z0u6CMXg7/f7CfC/+MUv4rnnnsNLL71kfGM2Njbw7rvv4o033kjqAXStx5wi6Pa7b9++jbW1tdS07kMpEvGXqf63WgqsdgTWMANz11/v/tvKAsgSgz4Gfuzm9/v95N+3vvUtnDlzBk8//bTxff3f//1fXLx4Ef/93/+NwWCAvb09jEajVEWgI+C6VxDxQhy2F93cd2FAGfFXkRQ0CgFItvCSO6CrC7D9IOStQaiL7fv9Pp5++mn8/u//Pr71rW9VusHnzp3DO++8g7W1NQyHw1RTkfhfHvnoFEG7CuLhw4f47LPPDqXVz1tvMw/cVbMBRiFAarZfmgJIj1HzrsDqxTJzYu1jBl+N7VdWVvDSSy/h9OnT+NKXvlTJzf+v//ov/Ou//itGo5G2gYg6F8Ax8d2Nh2GIGzdutLbo5n4kAVMAZ5kUhH6KsJ0QgLLKQI78SUMWorgjUNHDEF9wvDCIHNvHln5lZQVPP/00nn/+eXz729+udEN/+ctf4uc//znOnz+fAF+29vIiJHlxv2Pi2x3f3t7GtWvXDmxRT11FkEkD6vJ9sUKwwQGQtvY/TQJSqkDIbGWgIoIvjvHjxUHifysrK+j3+/jGN76BP/zDP6xk7QHgRz/6ES5evIibN29mZv+p04DVYiNHwHU3fuPGjaXtz7fIMEDuCqQl/hAvGW6xK7DK9JPiGZBcHFBGXBo+CDH4+/0+VldXsbq6iuPHj+Oll17C2bNnceTIkcpu/o9+9KPE0k8mE4zH4wT0cZ5fJvn2e8/A/agI9vb2cP369UNR1FNX8qr85xbfcilwJsWnTgQCsv0BSjoCmawLGAQBjhw5ghdeeAHf+MY38Oyzz1Z2899991384he/0Mb3spuvs/iOgOt2fH19fV/051s6bYDMWsHQvW1GAqKIBJyXByeLhNZ8EOTwIQgCnDlzBn/+539e2c2/cOFCis1XST1d2/FldfUPuoIYj8e4fv06tre3HaANwoD5vYPeF2A5DLBFApJK+MljhExDADRTBDLbX8XN/+EPf5ix9nFLMXV14SI33ymCbr7j7t27WF9fd0U9BuBPxf85xN+8EtDm4qAZay+FBaS6CM1bgskVfnkrA8lu/jvvvNO5m+8URLPPhGGI69ev7+v+fItmAVRvoEobsIocQJoNgAb4BN3S4dWzAGrXn7zP/fCHP0zc/PF4nGr13aWbr27TrYnoFER62+bmJq5fv+6sftMwgHXEXxsdgZJyX5ntl/wAxUUostqmXYHjGXjx2gDAdN22mM0fDoephT50wFeP1/ZDruMy5DDjoE0prmP119bWDkR/vmUIAzJMYEox2OwIRFBXBJdWA1LIQtJb/youd9zVJ27gceHCBbzzzju4dOlSqrlH3A9QdfOLQN/mjES5RFm9fnk6sU7hHXRFsLOzg1//+tcphe6kfgCQAX7MC3ALTUFVL4AUYkAeI2VpsDprA8rW/8KFC/j5z38Oz/MghEhZehlUi1r5Vz5veUJS3I8g/mysrNT1CQ8D17C2tnbg+vMt1PprXH25SBjG9J8xCUjZFmBS2i+lCAo4u6qLggDAcDhMwCSDXV3Ga1EpPNnq93o9HDlyBCsrK+j1eklHonhRk8FgkApvDjoZORgMcOPGDQwGA4dgS3F/hlzPI/6kqkA7IYD8Iun9l9pY7LZUsMqyEtAVFKkLiS7yIY/Pzfd9rK6u4m/+5m/wta99TfuZv/iLv8DVq1dzlyfvgoDravzOnTsHtj/fMsT/rAkFWJv5szodOLXsBzLrA0h1AE1bgqkrAxVZ+UU9/PL5xR5AUd3CysoKfN/XhkUHqajn5s2b2NnZcahtTQnosCT/rZACQNXpwNBNDkp3DMirAaj6QLVt3W2HACr5p0o8o1HuZrQsZcc2jnX//n3cuXPHpfe6JARZdvPnwOfMtsYhAM1r/aWMQGZMAcYiiLmuH37T1KDs3ew3Iq9oWxiGuHnz5qHqz7cUYUCOq99CT0DS0ADKlGCkMwAmD89BqXSLsxNhGBYeQ9dctMtzbWZp9Oe6tbWFmzdvOqvfMSGYnvwjcQAZpWBrcVBKKwR5XFcTAHTTFXiR43HDEpnpLwJC3HAkzmDUmSWptQYVttniPqIowvr6etKfr6xku03ldOisv4b4a3JbjUIAbf2/GgLE+9RcG3A/jsc8RRRFGAwG+Ku/+iusrq5m0oDD4TCZmVikJOqWEdd/kKqP7+7uYm1tDZPJJFPvYGzBOvZgDpg2yAF/2huwxgHouv+QUhpMSh2AujbAfg4BysbjECC26KPRKEUIyiGCPEGpDo+g41V0IC3KwOR5ZmXjURTh3r17ePDggXZ/E3C35cEcJi9AT/xxihiswgZUnA5MJQuDlBNfB0kRxGPyHASZ6Zevv8j1rzN/IrdbrCHgy4Arjw+HQ9y6dQvD4bDU3TdVBHWUQN74YVEM6Xufbf6RpQJbmQ6cLQmelwHkTwlug4BbFCmo7hfHxfLEn7zwp+rDWga4uoDXXYNu/MGDB7h7926lWN9UERTtU0UJHHTFkL6+rKuvXLXlNCA0BKA6CWheGqhdGqytfPciAF/3nPJc7abnUlZwVdeljot64pCm6fmVKYK2lMBBVQpqGpBzswFWFADlgJ8yJKCJFeoSvG0Sam09XHU7KlfdLw80Dx8+xL1795Jy7DrnV0URtaUETJTCvlMIGg6AkUcI2loclJBtDaYhBkFo3A+ga0VgzzVDJeVn8lAW3cu8bVUIQXV7FEVYW1tLuvKaeCtVlEGZN2BDCZTtU/Z+WRWCLhWYtzaQOQVYIQ2YyferNQAVOgItS/xuIxa3AXhTgk+nIKoooKJtOzs7uH37dtKPocl5d0kA1t3P9PPLpBCIaN7sQ2vk5/G/3a7AynqACRugWSPQdHHQ/Qr4ou+Or12ezFQFTOr+TTMAZdtj8vL27dvJBJ664LcV99uI/ata/SpKYxEKIauU0tY+RQ1WPD0DD0BeB1jSCkTK4qBUOjl4vwNeB+iiGLkqmEyOberu6zwFdfve3h5u376NMAwzRJ+Ne24S91clL5sQgHXOe9F1CdlngBTwM7KTAC1yAKmJvxLQM+y/whB2GQKYFrfUsfB1P1M13VaXWCuz/joPTAiBBw8e4NGjR7Vi/Trn2DYB2DT2r6NE1HqPbryA1PrgktXnDDdgpyegUuiT8gekiUCoWAnYdDyv5VheDYIN17bpcYp4BJtpyKJjj0Yj3L17F6PRyNq12CgDbiP2twFyU4+gC+5Angyknw2o8waskoAptyBbHQhzdrqpq19EbtkEfV1PwTT9VOalmPAAZfcs3ndjYyPpymtLIVYh/7qO/ds4lzpicw4HZ1z9OS+Q5gAslQKT5PrLY+m5ANlKYFv9AOoAtCmLXXf/Ku6gabxvIwsQhiFu377d2OrbUgTLRAA29TaqKorGykCy+pn8v2T+TZ2ASh4AMnF+OiTI6whsu0yzakqurodQxuRXdX3VBydv3DSfbgK6ra0tbGxspIp62p6+uwxlwLa9gDq8QzuKoGjyD6sRgR0SMOUPpBwCSo3VuWATV94UxE24AFvHLzv/PMtflvsvu5/qZ6Iowp07dzAcDgGglOWv6n0cJAKwDde/SuVjJUMCXbqPNSGALQ5A5vyzJIAW+EWMcdGsszyLrXuv3ry65J9J5WKdtF7RA1x2H5qEH8A0vVdUymuLE1lUGbBt0Lbt+lv3DJRlwbMdgc3XCQwq4D/t96emAFBjArAKeE2n01Ydrwv4OiFG3bCkyHIJIXDv3r1Kpbxdkn9l578sxT9NXP86yk43Vnyus8k/BbMBYa8hSLbYR18ARLVc4yZknE13vgkobVuBOhZ4OBzi/v37CMOwdeA38QraJACrhgJt/D62jpnHP3EJN2C9KagmEEiWCdKsDl4JNLZcdlPAl4ULdcBuGq/bTinJHYc2NzeTrrxdg99m3N9UCdhMA5pY+K5Cj9S+mjQgy3MDDFRFDQVAacIPaRIw8QwkYMnZAFuVeSbgz8s+NOECbJJzTeNe+XiTyQQPHjzAeDy2dv6149Ka19Ek9m+TALStTOryGWq2KP27IAkFsr6AmT9gXAmoMv+pjIDOBZAuwITUs2X1m/IDTQDfRuZB/h75Ydjc3MTm5mbroUsZ4diWN9BW8c+yu/5F+IlLgTmH+Ev+b3U2ICk1AKmFQtP7mcTUZTPZitJhTWvxbXghbYHM9HvCMMS9e/cwmUxaLXm2FfM3sY6Lnv1nw/VvqsjMfs95KNBCGhCa6cASCVhi2YuUQVFMXgf8trIBTeLeOtOATWV7exubm5va9N6iYv8q1X9F++2H2X+2P1vLwKR6gSq9AaRxttYRKIf5T03/JcosDKqrCiy7QBOLVnVKbhcusYnn00SEELh//z5Go5HRPVt2RdDGhKAuZv+1ERpU4Xxkm5uXBmS1GrBxCAAN2Yd0DYD8Xn04m5bhluXm6yqDNl18m6AcDAaZUt5liO/biPubkGU2QW7i+tsi/ao+R3mNP1im/GyWAmfJPp2CyAe/ziU2AW3VAqGu5gd0ZXmFEHj48CEGg0Fj78IGd1K3nXnZbMaDMPvPVvFPngLKCwO0M/9tcwBEZuArAlQe+NvqmFNUXmyDpa9iOeoAdjQaYWNjI9OfzwaQu/YUlo0AbJNLaIuf0NN+GuKP0xwA21sclJJ+fxl+IDWWXRugDvir5PuLrFWT8MMG4VgVhMyMra2tTH++ZfFK6sT8y0YA1qkDaJvoK7vebAjAuam+1DYbHoAa4ycnleoBmO4IVEaKNbFkTcDQJAXYRoWgLJPJBA8fPsyk99os8LFtodogAOsApysvwLbrb/TbakGvKAarIYABOShPBy7KADSx+m0A31ZNQFMAbm9vY3t7u/I1L0sGoE0C8DAU/5h0ftJOGJLdgNZKgSmf+lP7AOgAXzYBx+Shb2t+gC23v66SCMOwltXvarJVl5ax7djfpuvfheUv9bYKrb354iBmswEzoC5P9+XVAFRx6euA0ibJ1ybjvru7i+3t7dIMSdehSNlnbZUB28gCVA0F2vAC2gwhZBzFK0vLU4FV4g8l/EB9ErAE5KYPURFY25gf0EVlYB2i7+HDhxiPx5Vc/kVmAOrG/E29gSYA78r1b8vyq1kkmlcAaTkAcJulwIbgo4IVgusqgi4sflcs+2g0wubmpnE1Y9fn10bMb+oN1AXOMrn+bSii/N+0yBuAxaagBaSESTxfJRXYBPzLFvOrVn9rawvD4dAoLFrUeXahCA4KAdhWJWDedGAN7Es4ALOWQIHpSVUNAaqAX3Urq5KCTesG2oqXAWA8HmNrawtRFGkbc3aZmlwGRbBsBKCJR2BLqdRdfaiA50uRglOlUO34QdUTKJvgk0cOFoHapFNPkxh/EVOAmRm7u7tJf74q4G8L+F01BKlb+NOULGujcUlbYUBVxTi/n6zp/s2p5YJaCQHywBmX28pdej3Pq1ULUAXEbbL/TfcPwxDb29tJf75FZSaWoSHIopYBL/IC2gwDmtT9F22fe8ak2H0UTAWwsThoCfDreABNYvsuZgM2CRdkq191/sF+IQKXdSmwNmf/LTKsSs1tUV39zOzfltKAJhYgr6tP3X4ATbkAm9aybHts9U0m8LQB/kXwAaYpwUWtAmSzDqDNGX+VflfF1Z//ZVUN2OEA8lx9hW+sDP5FpQJthgnxPoPBAHt7e7UIzINCBHa1CtB+WPWnLSWrc+4Tb6DeymDlCqBobb/5l7Nx6FAF/FXnB3TdMzCKIuzs7CSlvLbDkzbBbzKbsg1wtLEUmA0voO2ef3Wup9h7Zt064XNvgG21BCvQPjCYwFAFFE3mB3TdM3A8HmNnZyex+nXDEdvLmbW1v801AW0TgG16AcvSOizrc2u8cK17YCsEkL0BnUdgoMFsVAPaKBlu4vrH6T25lNdmj0Jb4F+GhiCLXAVo2Vz/JgRl5v6zqgoki1+tJaBBCCDHGboYRFEKVesA6mYAmjYUqaMQJpNJyuo3ISP3cxbANOZvkwC0NeNwmWb8FTUEUUPxFPHHOv/A1nTgHIuPguWuTHsC2JwoZDuvrjLcg8EgWWp7GcG/H9qCd70M+KKtty3vJXd9wEw7cBmzsFcKnIk18tKANUMAm6nAuqDP+0xM9MVdeZvWJdgOSQ5yFmAZ4/c2ZvxVJ+AY2Yl/nOHlrFYC5jH+KaVQMIlhEYqgqdegs/pdWn/bJcx1PtdVGXAXTUCrhgGL4gtMfq9MDUBeYyBrHkAO8KEBvm6B0KqAt2EB64ItiiLs7e1lltpuI0xZ9nZliy4DthlXL2rBzyaf088GlDHJGuB3kQbk8umGNkIAG4CqspLPaDTCYDBI5jTUBfx+7ltgI+ZvUwksYtUfG2GKndmAc1dfigbS2yt8RS0FoMYZebqmahbAZiqw6vJdQojE6pcpr7ZCgabgX0RbcJO4P28fmwRgU4+g61V/GnlwWoxn04DWOACji9Vo7bohQJukoG77ZDIpLeW1af0PGhHYBLDLPvtvUZZfxRFryb1sK6CqswGMSoELH7ACDiAPOLaqAW1Y3b29PUwmEwDpOft1y5W75AKWAfxVQoNlmf233ySlyFQ3gFnjhZtXA9VKA5puK5sK3EZZsCkAwzDE7u5u7nl2af27ygJ00RBkkasALVvxTxsLhJIEfi0emSvRAEEl4JcRfxoXug7BZ4sU1B0nLuop68rbhTJoG/yLbAiyKALQpuu9iM8WhQDTfzkcQO404aYhQKx18tKACgcgT45p2g3H9vyAOL2na7fcRalyV23L2w4L2moC2hUfYeOYbSwCGj+X6t8M6ZrCXJHFt5EGzCn+KZsGXKYEugCdmt4bjUaNXP4urP9+yQJUifvz9ul6BeBlLP4xCTu0nhfnUYGzvsG2OwIxiicGcQ55WNWdt516i6IIw+FQW8rbVXbioBOBXRCAXXkXXaUA69cEcE65b9YbsBYCpCy+pvMoabyBqv3wbIYG8dhkMsFoNMp1pWyRf/uJCDT9bBsVboua/VcXeIs8ZtnvlIr2i7iB1kIAeXuFtQHqWP6qwBJCYDQaIYoiAPr03qKs/34pB25SAly0/yJm/5l85yKWDav1O0Bf/6/FLVqaDVikGIo6AXdRFhy7/Lat/rIUBS2KDLS5JuCyz/6zuUqRjbkMWiTmTvzhZDawdQ5ADQNUpaBfSdg8b99EETBzY6u/LNZ/2YnAtsqAFzH7b9ksfuk911r9+eQf6yFAKfGX42nYygKYKIIoimrH+o4IbP9BX+bZf4vo/FP1euTlwbmA+EufUosdgThHA3AFkNtQBMyMyWSincDTtfu/yJWMDnoWoKvZf7Yq99qw/Nnj5s0GRDsdgVjWBRLwWdUFKO4K3ARc8lhM9OVN4GmiABZh/Ze1HLiLMuC2SbQu2n13EW7pYgBd/b/VtQFVcMvap8jj0IUAeQ992bi6fTKZpHrx23D791NRUJdEYFXyrw4BWAdsTUlG25xAm5WNqXuvrb+bs34tpAFVV5/Vt/PtpCcBbQE/JvrUIiMTYDcF/X6ZHdhmWFBFGXSxDPiirXOX35vXFyCp+tNxA3bSgHmuPmuUAhs9/Cbj6lgYhphMJoV1/Iv2BBbNBXTJB3RVBmxDySy63bet+6yWAuvD/GpFQdU6AmnigfQQGbv/pmNCCEwmEwghSom+LjwBRwS2SwCW7bMsq/50bfnTC4NkXf14pOopBZXArzD+2TQgax/yul18oijKTNs1Abdtq7+sswNtx/hVST9bMfuiQLzMlj/399G9i3sA1DjVCh6AJgzQcQMG4DcBw2g0Sibw1LXyVT2BRYYCbRKBTUOINsuAFzH7r+uYX53ia0dmFX/a40m9A2woAC7xBuR91Bi9aggQu/w23f2DVhTUNRnYdhlw17P/Fj3jr25b8GQ2YBHbz5a7AicNQRSrr0sCgMv7ARQ96GEYJqW8psBvGvfXzQQs4+zALviAtpqBtDX7z5ZFb3PGX6XfMicNyLHVtx4CZNYdLkgDglPti8q12dyqVGX4l9UTaKoM9gsR2IT8qwvORfT8azM8MPV88veVmn8UA7dJCKA5EGtOQgKz53lGLcHi5pxRFOVmDbryBBYRCtgKB7oGf9W4X7e97TRgl5Z/EWQh5y7+M/cErHIArHc6MtuKCoFUbTYej0uLehapCKoqhbas/yLKgbtYE7DN2X9dKb8uZhWmv4cLGIDqHUEqNAXV2XsUFh3p1gkEprP35Fh/WRXAYSYCu1oTsK3Zf/u5+KeMA9ChlFtLAyrEH+W4BbJeylsclJkRhmHqh9EpimX2BGwog6ZcwCLIQFtlwHVifZtewDLX/Vf7DWNXvzrxV5kDSH1JZjag/hRUQAkhChn+/aIAlnl2YFd8QNvVf126110v9NE8BJhzAPkeQRshgBIPsJ4L1D74sdUvAmnbCuCgFwUtggjschWgZWn9vWi+wZTcs+gBQFP1RwXb9A9IGci7UgBdZwKWlQjsigxrqxNwWwtzLIvlz1eyds/DjAMgDeOvaQxiSgLuVwWwbLMD64C/rYYgbS0D3gYQ95M3UFwH0IECmAKfNMQfZ0KB+G9cB3DixAk89dRTrTPzy7DYx35sAJrbc77hg2by+bx9dOMmY1Xem26r8rrOdpNt8WS4tjy9irMB0y91HYHibrwnTpzAX//1X+Po0aNw4sRJPRmNRviP//gPnD9/vpXjV0wDcm4NQDweBAHOnDmDr3zlK+7Xc+KkoayuruL111/HV77yFfzjP/5jmn/rxgPQxPg8pwJlpfD444/jxRdfwuc+9wT29vZAnofAD1LhRJFnoV/moNgjyc2Ccs7c6dwDcynFwlx8dmxwPWrtRKnTxfkXX7Y9/7K5xncq51z+wxj9omz0E5l/Z9EquYanbLIhfTfUephZVQ4zQ7D8HtIy32LG6PN87oyyD+I8/2zsj//Py9ja2uyaA8gSf6wLAhjo9/rwPA+TMITnefCY4ZGXC3wuAQqXbtM8UGUgLdjOZUqBCx5PrgJSzjlm/oNlso0LgF8G3vLP6hFWBFIu1sjpz3KJiigCqcFnucBKcIkFyduuozEScIs5+JkZLKaAn/b3FxBiPpEn7vkP1n0mvU+/vwJhkQyslAbUFv1w2hpz5ifgFoDP1a2zA357wOcSG78I4JeAtx7wy9pu5c3OU0m/5QkxDNOAeiDPi4K4fH7AUgDfTCl0C/xyd94BvwJAGwK/MIQoCgU4/5liRsOC3UUqgJzpwHF6MG9+QKIUioDPJRGaA36nwOca4C0DfqVt+xj4+vvMWPZyg2ppwAwHoCflpqqBSom/pQJ+UYhQF/g1CbxWgV/IS3J9pVAh/j/IwF9WV7+5AlBjfM4qBRn4OU0EHPAd8A22NQF+Q+KvNvCLmnTucwVQ3IZQTwwyZR++/Qv8cqVwEIBfKYY3BH418s7ss0XgrQv8YtxybW9g3ysAbYyfygikJwbFhAfN2cN9Afy68X8psC0Dv5lScMB3wK8TAiig11r8FPBzHtiGwK+b6tt3wLfuDVR317sBvln874C/SAUwmw2InPz/3AfQKwUH/H0OfEPGv1PgNyD+uKQc8LAAv0IIIM0GTN1jzq0IZAaYJG+gE+BXIO86A35x/O+A74DftpTNIKy8OCgXpAF5Rv6l/AJ2wHfAd8Df9xyAsiRoehtlVg7MRdVCgF8j1VeHtV848C1V5hXF/w74hy0ESKy6Zjwh/kjPD1A5eB3wDyjwDRj/urX4DvidegCsjfFzVwxKFQXxPgB+/Tz9fgJ+Xca/boFOXeDXZfzrA/twAr86B1DC+OfOFqwIfLZcmVcW/9cFPtcGb5McvwO+A75d8fKYw6RRZ14PAE6TgpxL9HEmbNB5F4XboFsHTepJWLQt46wUfS6GIRdvy3WA5hOgSrex9qgFjhVnln5W7lBqe2bx9qLPMqfSulmlwaXbtN8JqcmFFvgF22LFkLOdOX9RzPxtJtsPmQeQkyZIBo8eOwqPCJ7vT5t8EE2bfnre9P3sHxHB930QETzPh0c07QgU+MWufpnFL4roLFt8mFj8Iv/GchhgbLVhdDsL4382+N5KxF+1S6pE/FW36OXdnmzJfD4Ag4Xc0UfMFJrUJWh2PYLFzOBIzUCkz1fZJ/6OeBuyPcRYFwJQngL4+7//+4sEkB8E8MjD1Ckg+N5UKcyATzRTEgSC7/kgj+iJJx7/0mBv8MnsBlDaG2CSzmT+mpkiZmB6LTT1SAARhSQBmCTPgWZafV6xLJjml8AUt1+Kv1darYgAQMSdi6YnSkQEIQRi3SgAYsGAZqHG6Q7TG52aCELJ9yVeVar7q/RC2kaFrr60uEoKLLPxUsVAlGV2ad6Canrs9HHlc483J9uScWl74rFxdmEOMQei53k8/w5OtpN0THk7kG2L7fs+M4vUFavrChARs0gvV+/5PmvWJGAg6WjN098/+b3Ziz1iotmlEzyPOP6O2UHgzb5v2huXOFFMBCbyQACi6cMEIoBAzDNwewSOOwVNH/oYyslzMt135plP79e0cZiqAIiASAgdtjNAJwA4e/YsAcD29jaGwyFGoxGFYYiTJ0/S7u4uoiiiY8eO0Wg0wmQyodXVVRqNRhRFEfV6PZpMJhQEgReGIfm+T1EUeZ7nERF5URSR53leFEUeTcUTQngAPCGER0QeEVE8Fm+X/+aNMbMHwGNmb/o7Ecl/pdc0249mGiAeS17THF0kKRRSbiLJYNUpzZz3mQe0bF/LUuc7OjGauhDUcN/M+9lnWRdLzoAaKx6W3ievpXExfWyYiUgQkYhfy2Oz/QQzC2YWnuel/urGAMSvOR6XxgQzs+/7QgghpkqOhRCCfd8XURRxEAQchqHo9Xo8mUzY931eWVnh4XDIvV6PV1ZWsLOzw77v89GjR7G+vs5BEGBlZYVXV1fx+OOPAwDOnTvH9L3vfY/u3btH29vb+MIXvoCdnR06ceIEdnd3aXV1FcPhkPr9Pu3u7qLX6xEACoKAdnd3KQYuABJCeCsrKySEIGb2hBCeEMLzfZ+EEDEQc//GoJbe++p+6mvP82IFQLEiUF/P/slKIAV4ZibJK6CZ9aHYWygBEJW7hLzYZXsOgCQWtrqyYvUYM/DGL0FELAE9pRBmboKQlEgM+tTrqe0SQlIUmdczoEfK+9R23V/P80QURex5nvA8Lx7j0WjEM8XBsSI5evQoh2HIAHgymfDRo0cxHo95dXWVh8Mhjh49ynfu3MGxY8f46tWrePzxxxE888wzBAAnT57E+vo6jh8/js8++4x+93d/V7V+CXgki4/hcEhBEJAMthh8URRREAS5oI8t9+y1LwE3Zd2l1750/MTKy2PSOZCiBPL+6a6zEPBpV7zc0i966a79LLK3VeIZkPK7sOq5QW5mPf8rb9P9i7cJ6Tlh6bWYhQmZ5ypnbUKavqXMs5QOp+Z/wzAUvu+TRNqL+LzDMMTq6iqHYUi9Xg+TySRzX+LXm5ub9Nxzz/HGxgZeeeUVrK+vIzh16hR//vOfpytXruDUqVM4duwYHn/8cT569CgNh0OeTCY4efIkjUYjZmaaaRhaWVnhmfXk2WIgPDvZ2D3yZrEUz7RW7gXObojQrQ0n3xhJc8ca2ouPq4JUduclL4BnN1H+S5KFIMVikPIAsnTuqbEcsFNelsUgLDgs1t30XnCecpVAxir3IIcF8pj0Xk5exMASs20p6694BIn7H1v/2GrP9s28lz8Tu/rxNp31F0KI2UOeWHlm5iAIYu8kxheIiEejEQBwEAQgIl5ZWcH6+jr3ej1eXV3F7u4unzhxAjs7O3j48CFeeumlKQl49uxZBkBnz57FxYsX+Xd+53fQ7/dx79496vf7cVxBOzs7ot/vU6/XE0EQYDwew/d9TCYTbxaXUBAEYub+C8/zvCAIkhDA8zyS3ffYA5i5Rt6Ug/EyLr7k6ieeAwCKxyWvgmTPYfZ9CScw0wsZryDeJpGEufF/rLDU51hWDIoV0j7syn5aEJh4DlVDDMNjWnfRy64pdsfLziHeTzIenN2Fc3kAydVPjIlq9WdgleN/FlN2LgVeFaySosgoBzlEmO2bGp9y0ql9YsMpwjDkGZ44fj/DG/d6PRFFEfr9vgjDEJPJhMfjMR87doxHoxH/1m/9FsbjMT7/+c/zeDzmwWCAb3/72zh37hzOnj3LKQv3/e9/H9/73vcAgC5evIgjR46g3+9TEAQIgoD8WSrQ933a2tqi48ePY0b00WAwoPi153nkeR6Nx+PZW49WVlZoMpnEIKUZIZiAVhlLXPwZj+CpSkSjFEgBvrydZHJQ2pekbYmLJfMFsnIoCRV0fAFpwGJEFtYk77qMNdjivqxDcM4+XDDGyJYkJCCX4nrIJJ+0PQV8aVsKmHL8nwN2luL3hPCTPQPf94Vs1ZUx7vV6YjQa8cwJEP1+n4UQ8XsWQvCRI0eS1xsbG3jiiSc4iiIWQiCKIoRhyGEYIgb+888/DwAs4VxJXWkeonPnztHZs2cBAB9++CFOnTqVesDv3LmDEydO0MbGBh0/fhybm5vkeR7NmEba29sjyfqmXksWOLHKYRh6vV6PZt6EF0URAfBmPEPMLcRATsX9ujHP82iWbUgUjZoZmHkTyfnMshG5nEG87+yYecpBDicoh1AkxV0lNSWYTsOR1uKr401X4zX9vBr+qOOa47A0xsoxWUfcKV/AOpDHbnLsEivbU/9i4kzaN8P4S+z8bC0PkXH9deFAzN7HY7NwWfi+z2EYiiAIeDKZcBAEQvU2ZEUlKyVm5scee4wB8Pb2NoQQ/LnPfY43NjZw/PhxvnPnDp84cSJ1/yScJpY+lxw1dPdMGPDkoV5fX8fJkyfzrGTR66r/vJnSoCAIvLzt8WshRAx0L2cf7eelz2X+SdtS1yFxBCRnF2TXXwk3Sr0JheTSjVGOy2wUOuhc+bzPS+DLuOKasSKrnXLLJRdfjt3VNF4CfiFEAn71n7JNFBB9qVhf+pzI2YcBJKA2OH7ZP5S8BgCWcMWGadHSNCs1JKCopsIoeujrKg0TRQKJSfUaKh9UzCyUego5743DC9NaBEsuf103XX3AUQEIhda9ZJsJCIXytwpwK4HZ4H4ZA7povIzzoZYZaGqoPHK9DM14mVKpq2CKPl/lWFX+lo2ZgL0NPoArvOeKisHkbxmoqnzGFKBcQZGZWudKIC7b1iTNTEuSgiIL+5gAoK5yMR0ny8duw9JTDaDb8gxQAzAm42z52KbWly3cx2YueMMakwDLIU1uFFU4BjUESR3Gnlr4ni6zA9zR71jV+nEL39PmdS+lBNj/0sYP1dR9bjMdRwfsN+n62G4i8AFTAIf5IaNDAnonbT1A7DojOHFyaMVzt8CJE6cAnDhx4hSAEydOnAJw4sSJUwBOnDhxCsCJEydOAThx4sQpACdOnDgF4MSJE6cAnDhx4hSAEydOnAJw4sSJUwBOnDhxCsCJEydOAThx4sQpACdOnDgF4MSJE6cAnDhx4hSAEydOnAJw4sSJUwBOnDhxCsCJEydOAThx4sQpACdOnDgF4MSJE6cAnDhxYlH+P+B5MeB+eNGIAAAAAElFTkSuQmCC);background-position:right top;background-repeat:no-repeat;}#Logging_Task_Status{width:520px;margin:40px auto 60px auto;}#Logging_Task_Status th.process{text-align:left;font-weight:600;background-color:#f4f4f4;min-height:30px;vertical-align:middle;}#Logging_Task_Status td.description{font-size:.9em;min-height:60px;}#Logging_Task_Status td.progress{padding:8px 10px;}#Logging_Task_Status td.finishedMessage i{display:none;}#Logging_Task_Status td.finishedRedirect{position:relative;}#Logging_Task_Status td.finishedRedirect i{color:#1e6dab;position:absolute;right:10px;top:calc(57% - .5em);display:inline-block;}#Logging_Task_Status td.exception{background-color:#ffd8d8;}div.logEventsViewport{border:1px solid #bbb;-moz-border-radius:4px 4px 0 0;-webkit-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0;}div.logEventsViewport div.logEventsViewportContainer{overflow-y:auto;overflow-x:hidden;}div.logEventsViewport div.logEventsViewportContainer .logEventsViewportNoLogs{padding-top:20px;text-align:center;font-style:italic;}div.logEventsViewport table.logEventsViewport{padding:0;margin:0;background-color:#bbb;table-layout:fixed;}div.logEventsViewport table.logEventsViewport>thead>tr{background-color:#eee;}div.logEventsViewport table.logEventsViewport>thead>tr>th{padding:4px 2px;font-weight:600;border-bottom:1px solid #bbb;}div.logEventsViewport table.logEventsViewport>thead>tr>th.icon{width:20px;}div.logEventsViewport table.logEventsViewport>thead>tr>th.timestamp{width:155px;}div.logEventsViewport table.logEventsViewport>thead>tr>th.eventType{width:180px;}div.logEventsViewport table.logEventsViewport>tbody>tr{background-color:#fff;}div.logEventsViewport table.logEventsViewport>tbody>tr:nth-child(even){background-color:#eee;}div.logEventsViewport table.logEventsViewport>tbody>tr>td{padding:2px;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.icon{width:20px;vertical-align:middle;text-align:center;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.icon>i{display:block;font-size:1.2em;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.icon>i.fa-info-circle{color:#1e6dab;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-triangle{color:#f0a30a;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-circle{color:#e51400;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.timestamp{width:155px;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.eventType{width:180px;}div.logEventsViewport table.logEventsViewport>tbody>tr>td.message{white-space:pre-wrap;}#enrolStatus #sessions .session{width:280px;padding:4px 4px 4px 72px;margin:8px;border:5px solid #efefef;-moz-border-radius:0 20px 0 0;-webkit-border-radius:0 20px 0 0;border-radius:0 20px 0 0;background-color:#f5f5f5;background-repeat:no-repeat,no-repeat;background-position:36px 36px,4px 4px;-moz-background-size:32px,64px;-o-background-size:32px,64px;-webkit-background-size:32px,64px;background-size:32px,64px;min-height:72px;cursor:pointer;}#enrolStatus #sessions .session>h3{padding-bottom:3px;border-bottom:1px dashed #ccc;}#enrolStatus #sessions .session>h3 span.details{font-size:.8em;}#enrolStatus #sessions .session>h3 span.pending{float:right;color:#f0a30a;}#enrolStatus #sessions .session>p.sessionStart{color:#888;font-size:.8em;margin-bottom:2px;}#enrolStatus #sessions .session>p.sessionStatus{font-size:.9em;height:1.6em;overflow:hidden;margin-bottom:3px;}#enrolStatus #sessions .session:hover{border:5px solid #6c7a87;background-color:#dfe1f8;}#dialogSession .sessionHeader{float:left;padding:0 0 0 134px;background-repeat:no-repeat,no-repeat;background-position:96px 96px,0 0;-moz-background-size:32px,128px;-o-background-size:32px,128px;-webkit-background-size:32px,128px;background-size:32px,128px;min-height:134px;}#dialogSession .sessionHeader>h2{padding-bottom:0;}#dialogSession .sessionHeader>table{margin-top:4px;}#dialogSession .sessionHeader>table th{width:128px;text-align:right;}#dialogSession .sessionHeader>table td,#dialogSession .sessionHeader>table th{padding:1px 2px;}#dialogSession .sessionProgress{width:320px;position:absolute;right:1em;text-align:right;}#dialogSession .sessionProgress>p.sessionStart{color:#888;margin-bottom:0;}#dialogSession .sessionProgress>p.sessionStatus{height:1.6em;overflow:hidden;margin-bottom:0;}#dialogSession .sessionProgress code{font-size:2em;color:#e51400;}#dialogSession .sessionProgress .reason{width:160px;}#dialogSession .sessionInfoContainer>div{float:left;width:428px;overflow:auto;}#dialogSession .sessionInfoContainer .sessionInfoMessages{height:374px;border:1px solid #bbb;-moz-border-radius:4px;-webkit-border-radius:4px;border-radius:4px;background-color:#fff;}#dialogSession .sessionInfoContainer .sessionInfoMessages div.logEventsViewportContainer{overflow:auto;}#dialogSession .sessionInfoContainer .sessionInfoMessages div.logEventsViewportContainer .logEventsViewportNoLogs{padding-top:20px;text-align:center;font-style:italic;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport{padding:0;margin:0;background-color:#fff;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>thead>tr{background-color:#eee;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>thead>tr>th{padding:4px 2px;font-weight:600;border-bottom:1px solid #bbb;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>thead>tr>th.icon{width:20px;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>thead>tr>th.timestamp{width:155px;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>thead>tr>th.eventType{width:180px;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr{background-color:#fff;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr:nth-child(even){background-color:#eee;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td{padding:2px;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon{width:20px;vertical-align:middle;text-align:center;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i{display:block;font-size:1.2em;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-info-circle{color:#1e6dab;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-triangle{color:#f0a30a;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-circle{color:#e51400;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.timestamp{width:155px;}#dialogSession .sessionInfoContainer .sessionInfoMessages table.logEventsViewport>tbody>tr>td.eventType{width:180px;}#dialogSession .sessionInfoContainer .sessionInfoConsole{margin-left:6px;background-color:#222;color:#0f0;font-family:Consolas,"Courier New",monospace;border:4px solid #ccc;-moz-border-radius:4px;-webkit-border-radius:4px;border-radius:4px;padding:2px;height:364px;}#Config_DocumentTemplates_Show>div.form>table>tbody>tr>th{width:140px;}#Config_DocumentTemplates_Show #DocumentTemplate_FilterExpression,#Config_DocumentTemplates_Show #DocumentTemplate_OnGenerateExpression,#Config_DocumentTemplates_Show #DocumentTemplate_OnImportAttachmentExpression{height:16px;min-height:16px;overflow:hidden;font-family:Consolas,"Courier New",monospace;}#Config_DocumentTemplates_Show #Config_DocumentTemplates_Scope_Button{margin-top:4px;}#Config_DocumentTemplates_Scope_Dialog div.input{margin:14px 10px 20px;}#Config_DocumentTemplates_TemplatePdf_Dialog div{text-align:center;}#Config_DocumentTemplates_TemplatePdf_Dialog div input{margin:16px 0;}#Config_DocumentTemplates_JobSubTypes{border:1px dashed #d8d8d8;background-color:#fff;padding:4px;margin-top:6px;}#Config_DocumentTemplates_JobSubTypes>h4{margin-bottom:4px;}#Config_DocumentTemplates_JobSubTypes #Config_DocumentTemplates_JobSubTypes_Update{margin-top:4px;}#Config_DocumentTemplates_JobSubTypes_Update_Dialog #Config_DocumentTemplates_JobSubTypes_Update_Dialog_Types{margin:0 0 8px 0;}#Config_DocumentTemplates_JobSubTypes_Update_Dialog .jobTypes{padding:6px 0;}#Config_DocumentTemplates_JobSubTypes_Update_Dialog .jobTypes .jobSubTypes{background-color:#f2f2f2;border-left:4px solid #d8d8d8;padding:4px 0 4px 8px;margin:4px 0 0 6px;}#Config_DocumentTemplates_JobSubTypes_Update_Dialog .checkboxBulkSelectContainer{font-size:.8em;}#DocumentTemplate_OnImportUserFlagRules_AddDialog .distribute-evenly{display:flex;justify-content:space-around;margin:1em 0;}#DocumentTemplate_OnImportUserFlagRules_AddDialog textarea{width:99%;}#DocumentTemplate_OnImportUserFlagRules_AddDialog .mt-1{margin-top:1em;}.dialog-bulk-generate .brief{margin:0 0 8px 0;}.dialog-bulk-generate .brief .scopeDescBulkGenerate{font-weight:600;}.dialog-bulk-generate .brief div.examples{margin:8px auto;width:360px;}.dialog-bulk-generate .brief div.examples div{margin:2px 4px 2px 0;width:230px;float:left;}.dialog-bulk-generate .brief div.examples div.example1{width:100px;}.dialog-bulk-generate textarea{box-sizing:border-box;width:100%;height:200px;margin:0 auto;}.dialog-bulk-generate .sub{margin-top:.75em;}#Config_DocumentTemplates_Show_DownloadBulk_Dialog{padding-top:20px;text-align:center;}h1.Config_DocumentTemplates{margin:10px 0 6px;}#Config_DocumentTemplatePackages_Show>div.form>table>tbody>tr>th{width:140px;}#Config_DocumentTemplatePackages_Show #Package_FilterExpression,#Config_DocumentTemplatePackages_Show #Package_OnGenerateExpression{height:16px;min-height:16px;overflow:hidden;font-family:Consolas,"Courier New",monospace;}#Config_DocumentTemplatePackages_Show #Config_DocumentTemplatePackages_Scope_Button{margin-top:4px;}#Config_DocumentTemplatePackages_Show #Config_DocumentTemplatePackage_List{list-style-type:decimal;list-style-position:inside;background-color:#f2f2f2;border:1px solid #d8d8d8;}#Config_DocumentTemplatePackages_Show #Config_DocumentTemplatePackage_List li{padding:6px 8px;}#Config_DocumentTemplatePackages_Show #Config_DocumentTemplatePackage_List li:not(:first-child){border-top:1px dashed #d8d8d8;}#Config_DocumentTemplatePackages_Show #Config_DocumentTemplatePackage_List li .id{font-family:Consolas,"Courier New",monospace;float:right;}#Config_DocumentTemplatePackages_Scope_Dialog div.input{margin:14px 10px 20px;}#Config_DocumentTemplatePackages_JobSubTypes{border:1px dashed #d8d8d8;background-color:#fff;padding:4px;margin-top:6px;}#Config_DocumentTemplatePackages_JobSubTypes>h4{margin-bottom:4px;}#Config_DocumentTemplatePackages_JobSubTypes #Config_DocumentTemplatePackages_JobSubTypes_Update{margin-top:4px;}#Config_DocumentTemplatePackages_JobSubTypes_Update_Dialog #Config_DocumentTemplatePackages_JobSubTypes_Update_Dialog_Types{margin:0 0 8px 0;}#Config_DocumentTemplatePackages_JobSubTypes_Update_Dialog .jobTypes{padding:6px 0;}#Config_DocumentTemplatePackages_JobSubTypes_Update_Dialog .jobTypes .jobSubTypes{background-color:#f2f2f2;border-left:4px solid #d8d8d8;padding:4px 0 4px 8px;margin:4px 0 0 6px;}#Config_DocumentTemplatePackages_JobSubTypes_Update_Dialog .checkboxBulkSelectContainer{font-size:.8em;}#Config_DocumentTemplatePackages_Templates_Dialog h3{margin-bottom:4px;}#Config_DocumentTemplatePackages_Templates_Dialog>div{width:374px;float:left;}#Config_DocumentTemplatePackages_Templates_Dialog>div:first-child{margin-right:20px;}#Config_DocumentTemplatePackages_Templates_Dialog .templates_connected{min-height:200px;}#Config_DocumentTemplatePackages_Templates_Dialog ol{list-style-type:decimal;padding-left:24px;border:1px solid #d8d8d8;background-color:#f2f2f2;}#Config_DocumentTemplatePackages_Templates_Dialog li{background-color:#fff;border:1px solid #d8d8d8;margin:4px;padding:2px 4px;-moz-box-shadow:0 0 5px rgba(209,209,209,.5);-webkit-box-shadow:0 0 5px rgba(209,209,209,.5);box-shadow:0 0 5px rgba(209,209,209,.5);cursor:default;}#Config_DocumentTemplatePackages_Templates_Dialog li:hover{background-color:#cddbec;border-color:#1e6dab;}#Config_DocumentTemplatePackages_Templates_Dialog li .id{font-family:Consolas,"Courier New",monospace;color:#888;float:right;font-size:.9em;}#importStatus #sessions .session{padding:4px;margin-bottom:10px;border:1px solid #efefef;-moz-border-radius:4px;-webkit-border-radius:4px;border-radius:4px;background-color:#f5f5f5;min-height:72px;}#importStatus #sessions .session .sessionLeftPane{width:48%;float:left;}#importStatus #sessions .session .sessionLeftPane>h3{padding-bottom:3px;border-bottom:1px dashed #ccc;}#importStatus #sessions .session .sessionLeftPane>h3 span.details{font-size:.8em;}#importStatus #sessions .session .sessionRightPane{width:48%;float:right;text-align:right;}#importStatus #sessions .session .sessionRightPane>p.sessionStart{color:#888;font-size:.8em;margin-bottom:2px;}#importStatus #sessions .session .sessionRightPane>p.sessionStatus{font-size:.9em;height:1.6em;overflow:hidden;margin-bottom:3px;}#importStatus #sessions .session .sessionPages>.sessionPage{min-height:56px;min-width:256px;float:left;margin:3px 0 3px 0;padding:170px 0 0 0;background-color:#fff;-moz-border-radius:2px;-webkit-border-radius:2px;border-radius:2px;border:1px solid #eee;background-repeat:no-repeat;background-position:center top;}#importStatus #sessions .session .sessionPages>.sessionPage>.sessionPageDetails{height:84px;padding:2px 4px 0 4px;background-color:rgba(255,255,255,.8);}#importStatus #sessions .session .sessionPages>.sessionPage>.sessionPageDetails p.sessionStatus{font-size:.9em;height:1.6em;margin-bottom:3px;}#importStatus #sessions .session .sessionInfoMessages{margin-top:6px;border:1px solid #bbb;-moz-border-radius:4px;-webkit-border-radius:4px;border-radius:4px;background-color:#fff;}#importStatus #sessions .session .sessionInfoMessages div.logEventsViewportContainer{max-height:220px;overflow:auto;}#importStatus #sessions .session .sessionInfoMessages div.logEventsViewportContainer .logEventsViewportNoLogs{padding-top:20px;text-align:center;font-style:italic;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport{padding:0;margin:0;background-color:#fff;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>thead>tr{background-color:#eee;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>thead>tr>th{padding:4px 2px;font-weight:600;border-bottom:1px solid #bbb;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>thead>tr>th.icon{width:20px;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>thead>tr>th.timestamp{width:155px;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>thead>tr>th.eventType{width:180px;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr{background-color:#fff;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr:nth-child(even){background-color:#eee;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td{padding:2px;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon{width:20px;vertical-align:middle;text-align:center;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i{display:block;font-size:1.2em;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-info-circle{color:#1e6dab;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-triangle{color:#f0a30a;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.icon>i.fa-exclamation-circle{color:#e51400;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.timestamp{width:155px;}#importStatus #sessions .session .sessionInfoMessages table.logEventsViewport>tbody>tr>td.eventType{width:180px;}#undetectedPagesContainer #undetectedPages{list-style:none;margin:0;padding:0;}#undetectedPagesContainer #undetectedPages>.undetectedPage{float:left;margin:4px;border:1px solid #f4f4f4;background-color:hsl(0,0%,98.5%);height:256px;width:256px;background-position:top center;background-repeat:no-repeat;cursor:pointer;}#undetectedPagesContainer #undetectedPages>.undetectedPage>.pageDetails{margin-top:232px;height:24px;text-align:center;}#undetectedPagesContainer #undetectedPages>.undetectedPage:hover{border:1px solid #d8d8d8;background-color:#f4f4f4;}#undetectedPageDialog>.pagePreview{height:700px;max-height:700px;background-position:top center;background-repeat:no-repeat;background-size:contain;}#undetectedPageDialog .actions{border-top:1px solid #d1d1d1;padding-top:8px;margin-top:8px;text-align:right;}.deviceBatches #DeviceBatch_PurchaseDetails_Container{padding:5px 0 5px 5px;}.deviceBatches #DeviceBatch_PurchaseDetails{width:570px;height:200px;}.deviceBatches #DeviceBatch_WarrantyDetails_Container{padding:5px 0 5px 5px;}.deviceBatches #DeviceBatch_WarrantyDetails{width:570px;height:200px;}.deviceBatches #DeviceBatch_InsuranceDetails_Container{padding:5px 0 5px 5px;}.deviceBatches #DeviceBatch_InsuranceDetails{width:570px;height:200px;}.deviceBatches #DeviceBatch_Comments{width:570px;height:200px;}.deviceBatches #DeviceBatch_Attachments{border:1px solid #ccc;background-color:#fff;position:relative;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput{position:relative;height:200px;overflow:auto;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a{display:block;float:left;height:48px;width:221px;padding:2px;margin:2px;font-size:.95em;border:1px solid #fff;color:#000;text-decoration:none;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.comments,.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.author,.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.timestamp{display:block;float:left;width:168px;overflow:hidden;white-space:nowrap;text-overflow:ellipsis;height:16px;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.author{color:#888;width:150px;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.timestamp{color:#888;font-style:italic;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.icon{display:block;float:left;height:48px;width:48px;margin-right:2px;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.icon img{height:48px;width:48px;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.icon img.loading{display:none;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a:hover{background-color:#ededed;border:1px solid #ccc;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a:hover span.remove{opacity:.5;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.remove{font-size:1.2em;color:#e51400;margin-left:2px;cursor:pointer;opacity:0;}.deviceBatches #DeviceBatch_Attachments div.attachmentOutput>a span.remove:hover{opacity:1;}.deviceBatches #DeviceBatch_Attachments.cannotAddAttachments div.attachmentOutput{height:250px;}.deviceBatches #DeviceBatch_Attachments div.attachmentInput{border-top:1px solid #ccc;height:40px;background-color:#fff;padding:5px;}.deviceBatches #DeviceBatch_Attachments div.attachmentInput span.action{color:#333;display:block;margin:0 4px 0 0;font-size:1.5em;cursor:pointer;float:right;border:1px solid #fff;padding:.5em;}.deviceBatches #DeviceBatch_Attachments div.attachmentInput span.action:hover{color:#335a87;background-color:#ededed;border:1px solid #ccc;}.deviceBatches #DeviceBatch_Attachments div.attachmentInput span.action.disabled{color:rgba(51,51,51,.2);cursor:default;}.deviceBatches #DeviceBatch_Attachments div.attachmentInput span.action.disabled:hover{color:rgba(51,51,51,.2);background-color:inherit;border:1px solid #fff;}#plugins .pageMenuArea a>h3{display:inline;color:#335a87;}#plugins .pageMenuArea a>h3:hover{color:#5e8cc2;}#plugins .pageMenuArea .pageMenuBlurb{padding-left:18px;}#plugins .pageMenuArea .pageMenuBlurb i{font-size:.9em;}#plugins #pageMenu td .pageMenuArea:not(:last-child){padding-bottom:5px;margin-bottom:10px;}#plugins #pageMenu td .pageMenuArea>a,#plugins #pageMenu td .pageMenuArea>h3{color:#333;}#plugins #pageMenu td .pageMenuArea>a:hover,#plugins #pageMenu td .pageMenuArea>h3:hover{color:#335a87;}#dialogUninstallPlugins #uninstallPlugin{margin:.5em 0;}#dialogUninstallPlugins #uninstallPluginData{margin:.5em 0;}#dialogUninstallPluginConfirm #uninstallPluginConfirm{text-align:center;margin:1em 0 .5em 0;}#dialogUninstallPluginConfirm #uninstallPluginDataConfirm{margin-top:1em;}#pluginLibraryHeading{float:right;}#pluginLibrary #pluginLibraryGroups{width:900px;margin:0 auto;column-count:2;}#pluginLibrary #pluginLibraryGroups>div{display:inline-block;}#pluginLibrary #pluginLibraryGroups div.form>table{margin:0 10px 10px 4px;width:calc(100% - 14px);}#pluginLibrary .pluginItem .pluginItemBlurb{margin:8px 0 8px 2px;padding:0 4px;border-left:4px solid #d1d1d1;}#pluginLibrary .pluginItem .pluginItemBlurb *{padding:0;margin:0;}#pluginLibrary .pluginItem .pageMenuBlurb i{font-size:.9em;}#pluginLibrary .pluginItem>h2:first-child{min-height:22px;}#pluginLibrary .pluginItem>h2:first-child i{font-size:.9em;padding-right:4px;color:#333;}#pluginLibrary .pluginItem>h2:first-child a{float:right;font-size:12px;}#dialogInstallPlugin div.info-box{margin-top:1em;}#dialogUploadPlugin #pluginFile{margin:1em 0 1em 6px;}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-node{padding:1px;border:0;}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-node>span.fancytree-icon{background:none;display:inline-block;font-family:FontAwesome;font-size:1.2em;width:14px;}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-ico-ef>span.fancytree-icon:before{color:#9e9e9e;font-size:1em;content:"";}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-ico-cf>span.fancytree-icon:before{color:#9e9e9e;font-size:1em;content:"";}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-ico-c>span.fancytree-icon:before{color:#e51400;content:"";}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-ico-c.fancytree-selected>span.fancytree-icon:before{color:#60a917;content:"";}#Config_AuthRoles_Show #Config_AuthRoles_Claims_Tree span.fancytree-node.fancytree-selected{font-style:normal;background:none;}#Config_AuthRoles_Subjects li,#Config_AuthRoles_Subjects_Update_Dialog_List li{padding:4px 0 4px 4px;}#Config_AuthRoles_Subjects li i.fa-user,#Config_AuthRoles_Subjects_Update_Dialog_List li i.fa-user,#Config_AuthRoles_Subjects li i.fa-users,#Config_AuthRoles_Subjects_Update_Dialog_List li i.fa-users{min-width:22px;}#Config_AuthRoles_Subjects_Update_Dialog{display:none;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_ListContainer{height:280px;overflow-y:auto;background-color:#fff;border:1px solid #d8d8d8;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_None{padding-top:15px;display:block;text-align:center;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_AddContainer{padding-top:10px;padding-left:10px;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_List li{cursor:pointer;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_List li:hover{background-color:#f4f4f4;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_List li:hover .remove{opacity:.8;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_List li .remove{margin-top:2px;padding-right:6px;float:right;cursor:pointer;opacity:0;color:#e51400;font-size:1.3em;}#Config_AuthRoles_Subjects_Update_Dialog #Config_AuthRoles_Subjects_Update_Dialog_List li .remove:hover{opacity:1;}#Config_Lodgment{margin-top:10px;}#Config_ReportPrefs{margin-top:10px;}#Config_ReportPrefs #Config_ReportPrefs_Preview{float:right;width:150px;height:80px;border:1px solid #444;font-size:4px;color:#fff;overflow:hidden;text-transform:uppercase;}#Config_ReportPrefs #Config_ReportPrefs_Preview .heading{height:6px;padding-left:3px;overflow:hidden;background-color:#333;}#Config_ReportPrefs #Config_ReportPrefs_Preview .column-heading{float:left;width:calc(33% - 4px);padding-left:2px;margin:1px 0 0 2px;}#Config_ReportPrefs #Config_ReportPrefs_Preview .column{height:100%;float:left;width:calc(33% - 2px);margin-left:2px;overflow:hidden;background:rgba(255,255,255,.2);}#Config_ReportPrefs #Config_ReportPrefs_Preview .column span{display:block;height:4px;margin:1px;background-color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-default{background:linear-gradient(to bottom,#165180,#1e6dab) left top repeat-x #1e6dab;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-default .column span.alert{background-color:#e51400;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-default-soft{background:linear-gradient(to bottom,#165180,#1e6dab) left top repeat-x #1e6dab;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-default-soft .column span.alert{background-color:#f0e277;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-green{background:linear-gradient(to bottom,#477c11,#60a917) left top repeat-x #60a917;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-green .column span.alert{background-color:#e51400;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-green-soft{background:linear-gradient(to bottom,#477c11,#60a917) left top repeat-x #60a917;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-green-soft .column span.alert{background-color:#e5cc11;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-violet{background:linear-gradient(to bottom,#80c,#a0f) left top repeat-x #a0f;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-violet .column span.alert{background-color:#e51400;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-violet-soft{background:linear-gradient(to bottom,#80c,#a0f) left top repeat-x #a0f;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-violet-soft .column span.alert{background-color:#f0e277;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-magenta{background:linear-gradient(to bottom,#a50058,#d80073) left top repeat-x #d80073;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-magenta .column span.alert{background-color:#1681b4;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-magenta-soft{background:linear-gradient(to bottom,#a50058,#d80073) left top repeat-x #d80073;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-magenta-soft .column span.alert{background-color:#85cdf0;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-crimson{background:linear-gradient(to bottom,#6f0019,#a20025) left top repeat-x #a20025;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-crimson .column span.alert{background-color:#b0cc22;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-crimson-soft{background:linear-gradient(to bottom,#6f0019,#a20025) left top repeat-x #a20025;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-crimson-soft .column span.alert{background-color:#cee077;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-amber{background:linear-gradient(to bottom,#bf8208,#f0a30a) left top repeat-x #f0a30a;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-amber .column span.alert{background-color:#0050ef;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-amber-soft{background:linear-gradient(to bottom,#bf8208,#f0a30a) left top repeat-x #f0a30a;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-amber-soft .column span.alert{background-color:#bbd0fb;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-brown{background:linear-gradient(to bottom,#5c401f,#825a2c) left top repeat-x #825a2c;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-brown .column span.alert{background-color:#e3c800;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-brown-soft{background:linear-gradient(to bottom,#5c401f,#825a2c) left top repeat-x #825a2c;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-brown-soft .column span.alert{background-color:#f0e277;color:#000;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-steel{background:linear-gradient(to bottom,#4e5d6c,#647689) left top repeat-x #647689;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-steel .column span.alert{background-color:#e51400;color:#fff;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-steel-soft{background:linear-gradient(to bottom,#4e5d6c,#647689) left top repeat-x #647689;}#Config_ReportPrefs #Config_ReportPrefs_Preview.theme-steel-soft .column span.alert{background-color:#f0e277;color:#000;}#Config_ReportPrefs_Builder>form>div{margin-bottom:10px;}#Config_ReportPrefs_Builder .report ul{margin-left:10px;}#Config_ReportPrefs_Builder .theme>select{margin-left:10px;}#Config_ReportPrefs_Builder .filter>select{margin-left:10px;}#Config_ReportPrefs_Builder .filter div.options{display:none;background-color:#fff;border:1px dashed #ccc;margin-top:4px;margin-left:15px;padding:2px 6px;}#Config_ReportPrefs_Builder .filter div.options .method{margin-top:4px;margin-bottom:8px;}#Config_ReportPrefs_Builder .filter div.options .method label{margin-right:14px;}#Config_ReportPrefs_Builder #Config_ReportPrefs_Builder_Components{display:flex;justify-content:space-around;}#Config_ReportPrefs_Builder_Buttonpane{padding-right:.3em;}#Config_ReportPrefs_Builder_Buttonpane textarea{float:left;font-family:Consolas,"Courier New",monospace;color:#333;width:calc(100% - 1.2em - 10px);border:1px solid #ccc;white-space:pre;min-height:0;}#Config_ReportPrefs_Builder_Buttonpane i{float:right;cursor:pointer;margin:.3em .2em 0 0;color:#335a87;}#Config_ReportPrefs_Builder_Buttonpane i:hover{color:#5e8cc2;}#Config_ReportPrefs_Builder_Buttonpane .ui-dialog-buttonset{display:none;}#Config_Location{margin-top:10px;}#Config_Location #Config_Location_Unrestricted,#Config_Location #Config_Location_List,#Config_Location #Config_Location_Optional,#Config_Location #Config_Location_Restricted{display:none;margin-top:6px;}#Config_Location_List_Dialog{display:none;}#Config_Location_List_Dialog #Config_Location_List_Dialog_ListContainer{height:280px;overflow-y:auto;background-color:#fff;border:1px solid #d8d8d8;}#Config_Location_List_Dialog #Config_Location_List_Dialog_None{padding-top:15px;display:block;text-align:center;}#Config_Location_List_Dialog #Config_Location_List_Dialog_AddContainer{padding-top:10px;padding-left:10px;}#Config_Location_List_Dialog #Config_Location_List_Dialog_List li{padding:2px 0 2px 4px;cursor:pointer;}#Config_Location_List_Dialog #Config_Location_List_Dialog_List li:hover{background-color:#f4f4f4;}#Config_Location_List_Dialog #Config_Location_List_Dialog_List li:hover .remove{opacity:.8;}#Config_Location_List_Dialog #Config_Location_List_Dialog_List li .remove{margin-top:2px;padding-right:6px;float:right;cursor:pointer;opacity:0;color:#e51400;font-size:1.3em;}#Config_Location_List_Dialog #Config_Location_List_Dialog_List li .remove:hover{opacity:1;}#Config_Location_ListImport_Dialog{display:none;}#Config_Location_ListImport_Dialog #Config_Location_ListImport_Dialog_Overwrite_Container{margin:6px 0;}#Config_Location_ListImport_Dialog #Config_Location_ListImport_Dialog_LocationList{box-sizing:border-box;width:100%;height:200px;margin:0 auto;}#Config_JobPref_General #InitialCommentsTemplate{margin-top:4px;min-width:calc(100% - 43px);min-height:40px;height:auto;field-sizing:content;}#Config_JobPref_Expressions{margin-top:10px;}#Config_JobPref_Expressions textarea{height:16px;min-height:16px;overflow:hidden;font-family:Consolas,"Courier New",monospace;}#Config_JobQueues_Index i{width:1.28571429em;text-align:center;}#Config_JobQueues_Icon{display:block;margin:0 0 10px 10px;}#Config_JobQueues_Icon_Update_Dialog{display:none;}#Config_JobQueues_Icon_Update_Dialog div.colours{text-align:center;font-size:30px;}#Config_JobQueues_Icon_Update_Dialog div.colours i{cursor:pointer;padding:1px;opacity:.9;}#Config_JobQueues_Icon_Update_Dialog div.colours i:hover{opacity:1;}#Config_JobQueues_Icon_Update_Dialog div.colours i.selected{opacity:1;}#Config_JobQueues_Icon_Update_Dialog div.icons{text-align:center;font-size:30px;background-color:#fff;border:1px solid #d1d1d1;margin:6px 0 14px 0;}#Config_JobQueues_Icon_Update_Dialog div.icons i{width:1.28571429em;text-align:center;cursor:pointer;padding:4px 0;color:#333;opacity:.6;}#Config_JobQueues_Icon_Update_Dialog div.icons i:hover{opacity:.9;color:inherit;}#Config_JobQueues_Icon_Update_Dialog div.icons i.selected{opacity:1;color:inherit;}#Config_JobQueues_JobSubTypes_Update{margin:8px 0;}#Config_JobQueues_JobSubTypes_Update_Dialog #Config_JobQueues_JobSubTypes_Update_Dialog_Types{margin:0 0 8px 0;}#Config_JobQueues_JobSubTypes_Update_Dialog .jobTypes{padding:6px 0;}#Config_JobQueues_JobSubTypes_Update_Dialog .jobTypes .jobSubTypes{background-color:#f2f2f2;border-left:4px solid #d8d8d8;padding:4px 0 4px 8px;margin:4px 0 0 6px;}#Config_JobQueues_JobSubTypes_Update_Dialog .checkboxBulkSelectContainer{font-size:.8em;}#Config_JobQueues_Subjects li,#Config_JobQueues_Subjects_Update_Dialog_List li{padding:4px 0 4px 4px;}#Config_JobQueues_Subjects li i.fa-user,#Config_JobQueues_Subjects_Update_Dialog_List li i.fa-user,#Config_JobQueues_Subjects li i.fa-users,#Config_JobQueues_Subjects_Update_Dialog_List li i.fa-users{width:1.28571429em;text-align:center;}#Config_JobQueues_Subjects_Update_Dialog{display:none;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_ListContainer{height:280px;overflow-y:auto;background-color:#fff;border:1px solid #d8d8d8;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_None{padding-top:15px;display:block;text-align:center;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_AddContainer{padding-top:10px;padding-left:10px;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_List li{cursor:pointer;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_List li:hover{background-color:#f4f4f4;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_List li:hover .remove{opacity:.8;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_List li .remove{margin-top:2px;padding-right:6px;float:right;cursor:pointer;opacity:0;color:#e51400;font-size:1.3em;}#Config_JobQueues_Subjects_Update_Dialog #Config_JobQueues_Subjects_Update_Dialog_List li .remove:hover{opacity:1;}#Config_UserFlags_Show #UserFlag_OnAssignmentExpression,#Config_UserFlags_Show #UserFlag_OnUnassignmentExpression{height:16px;min-height:16px;overflow:hidden;font-family:Consolas,"Courier New",monospace;}#Config_UserFlags_Index i{width:1.28571429em;text-align:center;}#Config_UserFlags_Icon{display:block;margin:0 0 10px 10px;}#Config_UserFlags_Icon_Update_Dialog{display:none;}#Config_UserFlags_Icon_Update_Dialog div.colours{text-align:center;font-size:30px;}#Config_UserFlags_Icon_Update_Dialog div.colours i{cursor:pointer;padding:1px;opacity:.9;}#Config_UserFlags_Icon_Update_Dialog div.colours i:hover{opacity:1;}#Config_UserFlags_Icon_Update_Dialog div.colours i.selected{opacity:1;}#Config_UserFlags_Icon_Update_Dialog div.icons{text-align:center;font-size:30px;background-color:#fff;border:1px solid #d1d1d1;margin:6px 0 14px 0;}#Config_UserFlags_Icon_Update_Dialog div.icons i{width:1.28571429em;text-align:center;cursor:pointer;padding:4px 0;color:#333;opacity:.6;}#Config_UserFlags_Icon_Update_Dialog div.icons i:hover{opacity:.9;color:inherit;}#Config_UserFlags_Icon_Update_Dialog div.icons i.selected{opacity:1;color:inherit;}#Config_UserFlags_BulkAssign_ModeDialog>div{margin-top:6px;background-color:#fff;line-height:1.3em;border:1px solid #ddd;}#Config_UserFlags_BulkAssign_ModeDialog>div>div{display:block;padding:4px;cursor:pointer;}#Config_UserFlags_BulkAssign_ModeDialog>div>div:not(:last-child){border-bottom:1px dashed #ddd;}#Config_UserFlags_BulkAssign_ModeDialog>div>div h5{font-size:1.1em;padding:4px 0;}#Config_UserFlags_BulkAssign_ModeDialog>div>div i{margin-right:4px;}#Config_UserFlags_BulkAssign_ModeDialog>div>div.add:hover{background-color:#eeffde;}#Config_UserFlags_BulkAssign_ModeDialog>div>div.add i{color:#60a917;}#Config_UserFlags_BulkAssign_ModeDialog>div>div.override:hover{background-color:#ffe1de;}#Config_UserFlags_BulkAssign_ModeDialog>div>div.override i{color:#e51400;}#Config_UserFlags_BulkAssign_AssignDialog .brief{margin:0 0 8px 0;}#Config_UserFlags_BulkAssign_AssignDialog .brief .scopeDescBulkGenerate{font-weight:600;}#Config_UserFlags_BulkAssign_AssignDialog .brief div.examples{margin:8px auto;width:300px;}#Config_UserFlags_BulkAssign_AssignDialog .brief div.examples div{margin:2px 4px 2px 0;width:150px;float:left;}#Config_UserFlags_BulkAssign_AssignDialog .brief div.examples div.example1{width:100px;}#Config_UserFlags_BulkAssign_AssignDialog div.loading{display:none;padding:40px 0;text-align:center;}#Config_UserFlags_BulkAssign_AssignDialog div.loading i{margin-right:10px;color:#1e6dab;}#Config_UserFlags_BulkAssign_AssignDialog #Config_UserFlags_BulkAssign_AssignDialog_UserIds{height:200px;margin-bottom:8px;}#Config_UserFlags_BulkAssign_AssignDialog textarea{width:calc(100% - .5em);margin:0;}#Config_UserFlags_BulkAssign_AssignDialog.loading>div.loading{display:block;}#Config_UserFlags_BulkAssign_AssignDialog.loading>form{display:none;}#UserFlag_Export #UserFlag_Export_Fields #UserFlag_Export_Fields_Defaults{font-size:.75em;}#UserFlag_Export #UserFlag_Export_Fields th{font-size:1.05em;}#UserFlag_Export #UserFlag_Export_Fields th span{margin-top:4px;font-size:.8em;}#Config_DeviceFlags_Show #DeviceFlag_OnAssignmentExpression,#Config_DeviceFlags_Show #DeviceFlag_OnUnassignmentExpression{height:16px;min-height:16px;overflow:hidden;font-family:Consolas,"Courier New",monospace;}#Config_DeviceFlags_Index i{width:1.28571429em;text-align:center;}#Config_DeviceFlags_Icon{display:block;margin:0 0 10px 10px;}#Config_DeviceFlags_Icon_Update_Dialog{display:none;}#Config_DeviceFlags_Icon_Update_Dialog div.colours{text-align:center;font-size:30px;}#Config_DeviceFlags_Icon_Update_Dialog div.colours i{cursor:pointer;padding:1px;opacity:.9;}#Config_DeviceFlags_Icon_Update_Dialog div.colours i:hover{opacity:1;}#Config_DeviceFlags_Icon_Update_Dialog div.colours i.selected{opacity:1;}#Config_DeviceFlags_Icon_Update_Dialog div.icons{text-align:center;font-size:30px;background-color:#fff;border:1px solid #d1d1d1;margin:6px 0 14px 0;}#Config_DeviceFlags_Icon_Update_Dialog div.icons i{width:1.28571429em;text-align:center;cursor:pointer;padding:4px 0;color:#333;opacity:.6;}#Config_DeviceFlags_Icon_Update_Dialog div.icons i:hover{opacity:.9;color:inherit;}#Config_DeviceFlags_Icon_Update_Dialog div.icons i.selected{opacity:1;color:inherit;}#Config_DeviceFlags_BulkAssign_ModeDialog>div{margin-top:6px;background-color:#fff;line-height:1.3em;border:1px solid #ddd;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div{display:block;padding:4px;cursor:pointer;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div:not(:last-child){border-bottom:1px dashed #ddd;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div h5{font-size:1.1em;padding:4px 0;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div i{margin-right:4px;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div.add:hover{background-color:#eeffde;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div.add i{color:#60a917;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div.override:hover{background-color:#ffe1de;}#Config_DeviceFlags_BulkAssign_ModeDialog>div>div.override i{color:#e51400;}#Config_DeviceFlags_BulkAssign_AssignDialog .brief{margin:0 0 8px 0;}#Config_DeviceFlags_BulkAssign_AssignDialog .brief .scopeDescBulkGenerate{font-weight:600;}#Config_DeviceFlags_BulkAssign_AssignDialog .brief div.examples{margin:8px auto;width:300px;}#Config_DeviceFlags_BulkAssign_AssignDialog .brief div.examples div{margin:2px 4px 2px 0;width:150px;float:left;}#Config_DeviceFlags_BulkAssign_AssignDialog .brief div.examples div.example1{width:100px;}#Config_DeviceFlags_BulkAssign_AssignDialog div.loading{display:none;padding:40px 0;text-align:center;}#Config_DeviceFlags_BulkAssign_AssignDialog div.loading i{margin-right:10px;color:#1e6dab;}#Config_DeviceFlags_BulkAssign_AssignDialog #Config_DeviceFlags_BulkAssign_AssignDialog_DeviceSerialNumbers{height:200px;margin-bottom:8px;}#Config_DeviceFlags_BulkAssign_AssignDialog textarea{width:calc(100% - .5em);margin:0;}#Config_DeviceFlags_BulkAssign_AssignDialog.loading>div.loading{display:block;}#Config_DeviceFlags_BulkAssign_AssignDialog.loading>form{display:none;}#Config_Flag_Permissions #Config_Flag_Permissions_Inherit_Container{margin:5px 0;}#Config_Flag_Permissions .tableDataContainer{min-height:260px;}#Config_Flag_Permissions .tableDataContainer td i.remove{float:right;cursor:pointer;visibility:hidden;color:#e51400;font-size:1.4em;opacity:.8;}#Config_Flag_Permissions .tableDataContainer td:hover i.remove{visibility:visible;}#DocumentTemplate_BulkGenerate .actions{padding-bottom:.5em;text-align:right;}#DocumentTemplate_BulkGenerate table{max-width:850px;margin:auto;}#DocumentTemplate_BulkGenerate table tr.when-none{text-align:center;font-style:italic;}.dialog-item-picker{height:300px;overflow-y:auto;background-color:#fcfcfc;border:1px solid #ccc;}.dialog-item-picker>div{background-color:#fff;border-bottom:1px solid #ddd;padding:6px 0 6px 6px;cursor:pointer;}.dialog-item-picker>div:hover{background-color:#f4f4f4;}.dialog-item-picker>div.selected,.dialog-item-picker>div.selected:hover{background-color:#eee;}.dialog-item-picker>div.disabled{cursor:not-allowed;background-color:#f4f4f4;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List{height:120px;overflow-y:auto;background-color:#fff;border:1px solid #d8d8d8;margin-bottom:10px;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List li{cursor:pointer;margin:2px 4px;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List li:hover{background-color:#f4f4f4;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List li:hover .remove{opacity:.8;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List li .remove{margin-top:2px;padding-right:6px;float:right;cursor:pointer;opacity:0;color:#e51400;font-size:1.3em;}#Config_Export_Edit_OnDemand #Config_Export_Edit_OnDemand_List li .remove:hover{opacity:1;}#DocumentTemplate_Export #DocumentTemplate_Export_Fields #DocumentTemplate_Export_Fields_Defaults{font-size:.75em;}#DocumentTemplate_Export #DocumentTemplate_Export_Fields th{font-size:1.05em;}#DocumentTemplate_Export #DocumentTemplate_Export_Fields th span{margin-top:4px;font-size:.8em;}
\ No newline at end of file
diff --git a/Disco.Web/Controllers/DeviceController.cs b/Disco.Web/Controllers/DeviceController.cs
index 09a6de94..ecb85fcf 100644
--- a/Disco.Web/Controllers/DeviceController.cs
+++ b/Disco.Web/Controllers/DeviceController.cs
@@ -235,6 +235,7 @@ namespace Disco.Web.Controllers
                 .Include(d => d.DeviceCertificates)
                 .Include(d => d.DeviceAttachments.Select(a => a.TechUser))
                 .Include(d => d.DeviceAttachments.Select(a => a.DocumentTemplate))
+                .Include(d => d.DeviceFlagAssignments.Select(a => a.DeviceFlag))
                 .Include(d => d.DeviceFlagAssignments.Select(a => a.AddedUser))
                 .Include(d => d.DeviceFlagAssignments.Select(a => a.RemovedUser))
                 .FirstOrDefault(d => d.SerialNumber == id);
@@ -311,15 +312,7 @@ namespace Disco.Web.Controllers
                 m.DeviceProfileWirelessProfileProviders = m.Device.DeviceProfile.GetWirelessProfileProviders().ToList();
             }
 
-            if (Authorization.Has(Claims.Device.ShowFlagAssignments))
-            {
-                var usedFlags = m.Device.DeviceFlagAssignments
-                    .Where(a => !a.RemovedDate.HasValue)
-                    .Select(a => a.DeviceFlagId)
-                    .Distinct().ToList();
-
-                m.AvailableDeviceFlags = DeviceFlagService.GetDeviceFlags().Where(f => !usedFlags.Contains(f.Id)).ToList();
-            }
+            m.AvailableDeviceFlags = DeviceFlagService.GetAvailableDeviceFlags(m.Device).ToList();
 
             if (Authorization.Has(Claims.User.ShowDetails))
             {
diff --git a/Disco.Web/Controllers/UserController.cs b/Disco.Web/Controllers/UserController.cs
index 1e479e42..68b30aa1 100644
--- a/Disco.Web/Controllers/UserController.cs
+++ b/Disco.Web/Controllers/UserController.cs
@@ -61,6 +61,7 @@ namespace Disco.Web.Controllers
                 .Include(u => u.DeviceUserAssignments.Select(dua => dua.Device.DeviceDetails))
                 .Include(u => u.UserAttachments.Select(ua => ua.TechUser))
                 .Include(u => u.UserAttachments.Select(ua => ua.DocumentTemplate))
+                .Include(u => u.UserFlagAssignments.Select(ufa => ufa.UserFlag))
                 .Include(u => u.UserFlagAssignments.Select(ufa => ufa.AddedUser))
                 .Include(u => u.UserFlagAssignments.Select(ufa => ufa.RemovedUser))
                 .Include(u => u.UserDetails)
@@ -84,15 +85,7 @@ namespace Disco.Web.Controllers
                 m.Jobs.Fill(Database, Services.Searching.Search.BuildJobTableModel(Database).Where(j => j.UserId == id).OrderByDescending(j => j.Id), true);
             }
 
-            if (Authorization.Has(Claims.User.ShowFlagAssignments))
-            {
-                var usedFlags = m.User.UserFlagAssignments
-                    .Where(a => !a.RemovedDate.HasValue)
-                    .Select(a => a.UserFlagId)
-                    .Distinct().ToList();
-
-                m.AvailableUserFlags = UserFlagService.GetUserFlags().Where(f => !usedFlags.Contains(f.Id)).ToList();
-            }
+            m.AvailableUserFlags = UserFlagService.GetAvailableUserFlags(m.User).ToList();
 
             try
             {
diff --git a/Disco.Web/Disco.Web.csproj b/Disco.Web/Disco.Web.csproj
index 7dea15d2..1bc7d6e1 100644
--- a/Disco.Web/Disco.Web.csproj
+++ b/Disco.Web/Disco.Web.csproj
@@ -227,6 +227,7 @@
     <Compile Include="Areas\API\Models\Job\DeviceHeldLocationModel.cs" />
     <Compile Include="Areas\API\Models\Shared\SubjectDescriptorModel.cs" />
     <Compile Include="Areas\API\Models\System\DomainOrganisationalUnitsModel.cs" />
+    <Compile Include="Areas\API\Models\Shared\FlagPermissionModel.cs" />
     <Compile Include="Areas\API\Views\_ViewStart.generated.cs">
       <DependentUpon>_ViewStart.cshtml</DependentUpon>
       <AutoGen>True</AutoGen>
diff --git a/Disco.Web/Extensions/T4MVC/API.DeviceFlagAssignmentController.generated.cs b/Disco.Web/Extensions/T4MVC/API.DeviceFlagAssignmentController.generated.cs
index aacaf59f..a5d51321 100644
--- a/Disco.Web/Extensions/T4MVC/API.DeviceFlagAssignmentController.generated.cs
+++ b/Disco.Web/Extensions/T4MVC/API.DeviceFlagAssignmentController.generated.cs
@@ -143,8 +143,8 @@ namespace Disco.Web.Areas.API.Controllers
         public class ActionParamsClass_AddDevice
         {
             public readonly string id = "id";
-            public readonly string DeviceSerialNumber = "DeviceSerialNumber";
-            public readonly string Comments = "Comments";
+            public readonly string deviceSerialNumber = "deviceSerialNumber";
+            public readonly string comments = "comments";
         }
         static readonly ActionParamsClass_RemoveDevice s_params_RemoveDevice = new ActionParamsClass_RemoveDevice();
         [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
@@ -203,16 +203,16 @@ namespace Disco.Web.Areas.API.Controllers
         }
 
         [NonAction]
-        partial void AddDeviceOverride(T4MVC_System_Web_Mvc_ActionResult callInfo, int id, string DeviceSerialNumber, string Comments);
+        partial void AddDeviceOverride(T4MVC_System_Web_Mvc_ActionResult callInfo, int id, string deviceSerialNumber, string comments);
 
         [NonAction]
-        public override System.Web.Mvc.ActionResult AddDevice(int id, string DeviceSerialNumber, string Comments)
+        public override System.Web.Mvc.ActionResult AddDevice(int id, string deviceSerialNumber, string comments)
         {
             var callInfo = new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.AddDevice);
             ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "id", id);
-            ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "DeviceSerialNumber", DeviceSerialNumber);
-            ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "Comments", Comments);
-            AddDeviceOverride(callInfo, id, DeviceSerialNumber, Comments);
+            ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "deviceSerialNumber", deviceSerialNumber);
+            ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "comments", comments);
+            AddDeviceOverride(callInfo, id, deviceSerialNumber, comments);
             return callInfo;
         }
 
diff --git a/Disco.Web/Extensions/T4MVC/API.DeviceFlagController.generated.cs b/Disco.Web/Extensions/T4MVC/API.DeviceFlagController.generated.cs
index 4949ce82..0c6eabf3 100644
--- a/Disco.Web/Extensions/T4MVC/API.DeviceFlagController.generated.cs
+++ b/Disco.Web/Extensions/T4MVC/API.DeviceFlagController.generated.cs
@@ -155,6 +155,12 @@ namespace Disco.Web.Areas.API.Controllers
         {
             return new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.SaveExport);
         }
+        [NonAction]
+        [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
+        public virtual System.Web.Mvc.ActionResult Permission()
+        {
+            return new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.Permission);
+        }
 
         [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
         public DeviceFlagController Actions { get { return MVC.API.DeviceFlag; } }
@@ -187,6 +193,7 @@ namespace Disco.Web.Areas.API.Controllers
             public readonly string Export = "Export";
             public readonly string ExportRetrieve = "ExportRetrieve";
             public readonly string SaveExport = "SaveExport";
+            public readonly string Permission = "Permission";
         }
 
         [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
@@ -208,6 +215,7 @@ namespace Disco.Web.Areas.API.Controllers
             public const string Export = "Export";
             public const string ExportRetrieve = "ExportRetrieve";
             public const string SaveExport = "SaveExport";
+            public const string Permission = "Permission";
         }
 
 
@@ -367,6 +375,15 @@ namespace Disco.Web.Areas.API.Controllers
         {
             public readonly string model = "model";
         }
+        static readonly ActionParamsClass_Permission s_params_Permission = new ActionParamsClass_Permission();
+        [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
+        public ActionParamsClass_Permission PermissionParams { get { return s_params_Permission; } }
+        [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
+        public class ActionParamsClass_Permission
+        {
+            public readonly string id = "id";
+            public readonly string model = "model";
+        }
         static readonly ViewsClass s_views = new ViewsClass();
         [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
         public ViewsClass Views { get { return s_views; } }
@@ -606,6 +623,19 @@ namespace Disco.Web.Areas.API.Controllers
             return callInfo;
         }
 
+        [NonAction]
+        partial void PermissionOverride(T4MVC_System_Web_Mvc_ActionResult callInfo, int id, Disco.Web.Areas.API.Models.Shared.FlagPermissionModel model);
+
+        [NonAction]
+        public override System.Web.Mvc.ActionResult Permission(int id, Disco.Web.Areas.API.Models.Shared.FlagPermissionModel model)
+        {
+            var callInfo = new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.Permission);
+            ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "id", id);
+            ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "model", model);
+            PermissionOverride(callInfo, id, model);
+            return callInfo;
+        }
+
     }
 }
 
diff --git a/Disco.Web/Extensions/T4MVC/API.SystemController.generated.cs b/Disco.Web/Extensions/T4MVC/API.SystemController.generated.cs
index fef57240..0c5e94e5 100644
--- a/Disco.Web/Extensions/T4MVC/API.SystemController.generated.cs
+++ b/Disco.Web/Extensions/T4MVC/API.SystemController.generated.cs
@@ -308,6 +308,7 @@ namespace Disco.Web.Areas.API.Controllers
         public class ActionParamsClass_SearchSubjects
         {
             public readonly string term = "term";
+            public readonly string includeAuthorizationRoles = "includeAuthorizationRoles";
         }
         static readonly ActionParamsClass_SearchGroupSubjects s_params_SearchGroupSubjects = new ActionParamsClass_SearchGroupSubjects();
         [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
@@ -324,6 +325,7 @@ namespace Disco.Web.Areas.API.Controllers
         public class ActionParamsClass_Subject
         {
             public readonly string Id = "Id";
+            public readonly string includeAuthorizationRoles = "includeAuthorizationRoles";
         }
         static readonly ActionParamsClass_SyncActiveDirectoryManagedGroup s_params_SyncActiveDirectoryManagedGroup = new ActionParamsClass_SyncActiveDirectoryManagedGroup();
         [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
@@ -587,14 +589,15 @@ namespace Disco.Web.Areas.API.Controllers
         }
 
         [NonAction]
-        partial void SearchSubjectsOverride(T4MVC_System_Web_Mvc_ActionResult callInfo, string term);
+        partial void SearchSubjectsOverride(T4MVC_System_Web_Mvc_ActionResult callInfo, string term, bool includeAuthorizationRoles);
 
         [NonAction]
-        public override System.Web.Mvc.ActionResult SearchSubjects(string term)
+        public override System.Web.Mvc.ActionResult SearchSubjects(string term, bool includeAuthorizationRoles)
         {
             var callInfo = new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.SearchSubjects);
             ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "term", term);
-            SearchSubjectsOverride(callInfo, term);
+            ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "includeAuthorizationRoles", includeAuthorizationRoles);
+            SearchSubjectsOverride(callInfo, term, includeAuthorizationRoles);
             return callInfo;
         }
 
@@ -611,14 +614,15 @@ namespace Disco.Web.Areas.API.Controllers
         }
 
         [NonAction]
-        partial void SubjectOverride(T4MVC_System_Web_Mvc_ActionResult callInfo, string Id);
+        partial void SubjectOverride(T4MVC_System_Web_Mvc_ActionResult callInfo, string Id, bool includeAuthorizationRoles);
 
         [NonAction]
-        public override System.Web.Mvc.ActionResult Subject(string Id)
+        public override System.Web.Mvc.ActionResult Subject(string Id, bool includeAuthorizationRoles)
         {
             var callInfo = new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.Subject);
             ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "Id", Id);
-            SubjectOverride(callInfo, Id);
+            ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "includeAuthorizationRoles", includeAuthorizationRoles);
+            SubjectOverride(callInfo, Id, includeAuthorizationRoles);
             return callInfo;
         }
 
diff --git a/Disco.Web/Extensions/T4MVC/API.UserFlagController.generated.cs b/Disco.Web/Extensions/T4MVC/API.UserFlagController.generated.cs
index 98d95e28..e098f677 100644
--- a/Disco.Web/Extensions/T4MVC/API.UserFlagController.generated.cs
+++ b/Disco.Web/Extensions/T4MVC/API.UserFlagController.generated.cs
@@ -155,6 +155,12 @@ namespace Disco.Web.Areas.API.Controllers
         {
             return new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.SaveExport);
         }
+        [NonAction]
+        [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
+        public virtual System.Web.Mvc.ActionResult Permission()
+        {
+            return new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.Permission);
+        }
 
         [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
         public UserFlagController Actions { get { return MVC.API.UserFlag; } }
@@ -187,6 +193,7 @@ namespace Disco.Web.Areas.API.Controllers
             public readonly string Export = "Export";
             public readonly string ExportRetrieve = "ExportRetrieve";
             public readonly string SaveExport = "SaveExport";
+            public readonly string Permission = "Permission";
         }
 
         [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
@@ -208,6 +215,7 @@ namespace Disco.Web.Areas.API.Controllers
             public const string Export = "Export";
             public const string ExportRetrieve = "ExportRetrieve";
             public const string SaveExport = "SaveExport";
+            public const string Permission = "Permission";
         }
 
 
@@ -367,6 +375,15 @@ namespace Disco.Web.Areas.API.Controllers
         {
             public readonly string model = "model";
         }
+        static readonly ActionParamsClass_Permission s_params_Permission = new ActionParamsClass_Permission();
+        [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
+        public ActionParamsClass_Permission PermissionParams { get { return s_params_Permission; } }
+        [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
+        public class ActionParamsClass_Permission
+        {
+            public readonly string id = "id";
+            public readonly string model = "model";
+        }
         static readonly ViewsClass s_views = new ViewsClass();
         [GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
         public ViewsClass Views { get { return s_views; } }
@@ -606,6 +623,19 @@ namespace Disco.Web.Areas.API.Controllers
             return callInfo;
         }
 
+        [NonAction]
+        partial void PermissionOverride(T4MVC_System_Web_Mvc_ActionResult callInfo, int id, Disco.Web.Areas.API.Models.Shared.FlagPermissionModel model);
+
+        [NonAction]
+        public override System.Web.Mvc.ActionResult Permission(int id, Disco.Web.Areas.API.Models.Shared.FlagPermissionModel model)
+        {
+            var callInfo = new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.Permission);
+            ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "id", id);
+            ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "model", model);
+            PermissionOverride(callInfo, id, model);
+            return callInfo;
+        }
+
     }
 }
 
diff --git a/Disco.Web/Views/Device/DeviceParts/_Flags.cshtml b/Disco.Web/Views/Device/DeviceParts/_Flags.cshtml
index 47b4ed8a..f92c5549 100644
--- a/Disco.Web/Views/Device/DeviceParts/_Flags.cshtml
+++ b/Disco.Web/Views/Device/DeviceParts/_Flags.cshtml
@@ -1,15 +1,8 @@
 @model Disco.Web.Models.Device.ShowModel
 @using Disco.Services.Devices.DeviceFlags;
 @{
-    Authorization.Require(Claims.Device.ShowFlagAssignments);
-
-    var hasRemove = Authorization.Has(Claims.Device.Actions.RemoveFlags);
-    var hasEdit = Authorization.Has(Claims.Device.Actions.EditFlags);
-
-    var hasDeviceFlagShow = Authorization.Has(Claims.Config.DeviceFlag.Show);
-    var activeAssignmentCount = Model.Device.DeviceFlagAssignments == null ? 0 : Model.Device.DeviceFlagAssignments.Count(a => !a.RemovedDate.HasValue);
-
-    var flagAssignments = Model.Device.DeviceFlagAssignments.Select(a => Tuple.Create(a, DeviceFlagService.GetDeviceFlag(a.DeviceFlagId))).ToList();
+    var flagAssignments = Model.Device.DeviceFlagAssignments.Select(a => Tuple.Create(a, DeviceFlagService.GetDeviceFlag(a.DeviceFlagId))).Where(a => a.Item2.permission.CanShow()).ToList();
+    var activeAssignmentCount = flagAssignments.Count(a => !a.Item1.RemovedDate.HasValue);
 }
 <div id="DeviceDetailTab-Flags" class="DevicePart">
     @if (flagAssignments.Count > 0)
@@ -25,14 +18,14 @@
             {
                 <tr data-deviceflagassignmentid="@fa.Item1.Id" data-flagassignmentaddeddate="@(fa.Item1.AddedDate.ToString("s"))" class="@(!fa.Item1.RemovedDate.HasValue ? "added" : "removed")">
                     <td class="name">
-                        <i class="fa fa-@(fa.Item2.Icon) fa-fw fa-lg d-@(fa.Item2.IconColour)"></i>
-                        @if (hasDeviceFlagShow)
+                        <i class="fa fa-@(fa.Item2.flag.Icon) fa-fw fa-lg d-@(fa.Item2.flag.IconColour)"></i>
+                        @if (Authorization.Has(Claims.Config.DeviceFlag.Show))
                         {
-                            @Html.ActionLink(fa.Item2.Name, MVC.Config.DeviceFlag.Index(fa.Item2.Id))
+                            @Html.ActionLink(fa.Item2.flag.Name, MVC.Config.DeviceFlag.Index(fa.Item2.flag.Id))
                         }
                         else
                         {
-                            @fa.Item2.Name
+                            @fa.Item2.flag.Name
                         }
                     </td>
                     <td class="added">
@@ -43,7 +36,7 @@
                         }
                     </td>
                     <td class="comments">
-                        @if (hasEdit)
+                        @if (fa.Item2.permission.CanEdit())
                         {
                             <div class="editable"><i class="fa fa-fw fa-edit" title="Edit Comments"></i></div>
                         }
@@ -77,6 +70,7 @@
         <div id="Device_Show_Flags_Actions_Remove_Dialog" class="dialog" title="Remove this flag from the device?">
             @using (Html.BeginForm(MVC.API.DeviceFlagAssignment.RemoveDevice()))
             {
+                @Html.AntiForgeryToken()
                 <input id="Device_Show_Flags_Actions_Remove_Dialog_Id" type="hidden" name="id" value="" />
                 <p>
                     <i class="fa fa-exclamation-triangle fa-lg"></i>&nbsp;Are you sure?
@@ -86,6 +80,7 @@
         <div id="Device_Show_Flags_Actions_EditComments_Dialog" class="dialog" title="Edit the Comments">
             @using (Html.BeginForm(MVC.API.DeviceFlagAssignment.UpdateComments()))
             {
+                @Html.AntiForgeryToken()
                 <input id="Device_Show_Flags_Actions_EditComments_Dialog_Id" type="hidden" name="id" value="" />
                 <input type="hidden" name="redirect" value="true" />
                 <h4>Comments:</h4>
diff --git a/Disco.Web/Views/Device/DeviceParts/_Flags.generated.cs b/Disco.Web/Views/Device/DeviceParts/_Flags.generated.cs
index f3c35631..108a8bf0 100644
--- a/Disco.Web/Views/Device/DeviceParts/_Flags.generated.cs
+++ b/Disco.Web/Views/Device/DeviceParts/_Flags.generated.cs
@@ -52,15 +52,8 @@ namespace Disco.Web.Views.Device.DeviceParts
             
             #line 3 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
   
-    Authorization.Require(Claims.Device.ShowFlagAssignments);
-
-    var hasRemove = Authorization.Has(Claims.Device.Actions.RemoveFlags);
-    var hasEdit = Authorization.Has(Claims.Device.Actions.EditFlags);
-
-    var hasDeviceFlagShow = Authorization.Has(Claims.Config.DeviceFlag.Show);
-    var activeAssignmentCount = Model.Device.DeviceFlagAssignments == null ? 0 : Model.Device.DeviceFlagAssignments.Count(a => !a.RemovedDate.HasValue);
-
-    var flagAssignments = Model.Device.DeviceFlagAssignments.Select(a => Tuple.Create(a, DeviceFlagService.GetDeviceFlag(a.DeviceFlagId))).ToList();
+    var flagAssignments = Model.Device.DeviceFlagAssignments.Select(a => Tuple.Create(a, DeviceFlagService.GetDeviceFlag(a.DeviceFlagId))).Where(a => a.Item2.permission.CanShow()).ToList();
+    var activeAssignmentCount = flagAssignments.Count(a => !a.Item1.RemovedDate.HasValue);
 
             
             #line default
@@ -74,13 +67,13 @@ WriteLiteral(" class=\"DevicePart\"");
 WriteLiteral(">\r\n");
 
             
-            #line 15 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 8 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
     
             
             #line default
             #line hidden
             
-            #line 15 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 8 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
      if (flagAssignments.Count > 0)
     {
 
@@ -110,13 +103,13 @@ WriteLiteral(" class=\"removed\"");
 WriteLiteral(">Removed</th>\r\n            </tr>\r\n");
 
             
-            #line 24 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 17 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
             
             
             #line default
             #line hidden
             
-            #line 24 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 17 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
              foreach (var fa in flagAssignments.OrderByDescending(a => a.Item1.AddedDate))
             {
 
@@ -128,7 +121,7 @@ WriteLiteral("                <tr");
 WriteLiteral(" data-deviceflagassignmentid=\"");
 
             
-            #line 26 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 19 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                                             Write(fa.Item1.Id);
 
             
@@ -139,7 +132,7 @@ WriteLiteral("\"");
 WriteLiteral(" data-flagassignmentaddeddate=\"");
 
             
-            #line 26 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 19 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                                                                                          Write(fa.Item1.AddedDate.ToString("s"));
 
             
@@ -147,14 +140,14 @@ WriteLiteral(" data-flagassignmentaddeddate=\"");
             #line hidden
 WriteLiteral("\"");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 1282), Tuple.Create("\"", 1345)
+WriteAttribute("class", Tuple.Create(" class=\"", 967), Tuple.Create("\"", 1030)
             
-            #line 26 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
-                                                          , Tuple.Create(Tuple.Create("", 1290), Tuple.Create<System.Object, System.Int32>(!fa.Item1.RemovedDate.HasValue ? "added" : "removed"
+            #line 19 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+                                                           , Tuple.Create(Tuple.Create("", 975), Tuple.Create<System.Object, System.Int32>(!fa.Item1.RemovedDate.HasValue ? "added" : "removed"
             
             #line default
             #line hidden
-, 1290), false)
+, 975), false)
 );
 
 WriteLiteral(">\r\n                    <td");
@@ -163,54 +156,54 @@ WriteLiteral(" class=\"name\"");
 
 WriteLiteral(">\r\n                        <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 1414), Tuple.Create("\"", 1481)
-, Tuple.Create(Tuple.Create("", 1422), Tuple.Create("fa", 1422), true)
-, Tuple.Create(Tuple.Create(" ", 1424), Tuple.Create("fa-", 1425), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 1099), Tuple.Create("\"", 1176)
+, Tuple.Create(Tuple.Create("", 1107), Tuple.Create("fa", 1107), true)
+, Tuple.Create(Tuple.Create(" ", 1109), Tuple.Create("fa-", 1110), true)
             
-            #line 28 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
-, Tuple.Create(Tuple.Create("", 1428), Tuple.Create<System.Object, System.Int32>(fa.Item2.Icon
+            #line 21 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+, Tuple.Create(Tuple.Create("", 1113), Tuple.Create<System.Object, System.Int32>(fa.Item2.flag.Icon
             
             #line default
             #line hidden
-, 1428), false)
-, Tuple.Create(Tuple.Create(" ", 1444), Tuple.Create("fa-fw", 1445), true)
-, Tuple.Create(Tuple.Create(" ", 1450), Tuple.Create("fa-lg", 1451), true)
-, Tuple.Create(Tuple.Create(" ", 1456), Tuple.Create("d-", 1457), true)
+, 1113), false)
+, Tuple.Create(Tuple.Create(" ", 1134), Tuple.Create("fa-fw", 1135), true)
+, Tuple.Create(Tuple.Create(" ", 1140), Tuple.Create("fa-lg", 1141), true)
+, Tuple.Create(Tuple.Create(" ", 1146), Tuple.Create("d-", 1147), true)
             
-            #line 28 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
-, Tuple.Create(Tuple.Create("", 1459), Tuple.Create<System.Object, System.Int32>(fa.Item2.IconColour
+            #line 21 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+, Tuple.Create(Tuple.Create("", 1149), Tuple.Create<System.Object, System.Int32>(fa.Item2.flag.IconColour
             
             #line default
             #line hidden
-, 1459), false)
+, 1149), false)
 );
 
 WriteLiteral("></i>\r\n");
 
             
-            #line 29 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 22 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 29 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
-                         if (hasDeviceFlagShow)
+            #line 22 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+                         if (Authorization.Has(Claims.Config.DeviceFlag.Show))
                         {
                             
             
             #line default
             #line hidden
             
-            #line 31 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
-                       Write(Html.ActionLink(fa.Item2.Name, MVC.Config.DeviceFlag.Index(fa.Item2.Id)));
+            #line 24 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+                       Write(Html.ActionLink(fa.Item2.flag.Name, MVC.Config.DeviceFlag.Index(fa.Item2.flag.Id)));
 
             
             #line default
             #line hidden
             
-            #line 31 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
-                                                                                                     
+            #line 24 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+                                                                                                               
                         }
                         else
                         {
@@ -219,15 +212,15 @@ WriteLiteral("></i>\r\n");
             #line default
             #line hidden
             
-            #line 35 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
-                       Write(fa.Item2.Name);
+            #line 28 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+                       Write(fa.Item2.flag.Name);
 
             
             #line default
             #line hidden
             
-            #line 35 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
-                                          
+            #line 28 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+                                               
                         }
 
             
@@ -242,7 +235,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                        ");
 
             
-            #line 39 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 32 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                    Write(CommonHelpers.FriendlyDateAndUser(fa.Item1.AddedDate, fa.Item1.AddedUser));
 
             
@@ -251,13 +244,13 @@ WriteLiteral("                        ");
 WriteLiteral("\r\n");
 
             
-            #line 40 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 33 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 40 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 33 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                          if (fa.Item1.OnAssignmentExpressionResult != null)
                         {
 
@@ -271,7 +264,7 @@ WriteLiteral(" class=\"expressionResult\"");
 WriteLiteral(">");
 
             
-            #line 42 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 35 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                                                      Write(fa.Item1.OnAssignmentExpressionResult);
 
             
@@ -280,7 +273,7 @@ WriteLiteral(">");
 WriteLiteral("</div>\r\n");
 
             
-            #line 43 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 36 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                         }
 
             
@@ -293,14 +286,14 @@ WriteLiteral(" class=\"comments\"");
 WriteLiteral(">\r\n");
 
             
-            #line 46 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 39 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 46 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
-                         if (hasEdit)
+            #line 39 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+                         if (fa.Item2.permission.CanEdit())
                         {
 
             
@@ -319,7 +312,7 @@ WriteLiteral(" title=\"Edit Comments\"");
 WriteLiteral("></i></div>\r\n");
 
             
-            #line 49 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 42 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                         }
 
             
@@ -328,7 +321,7 @@ WriteLiteral("></i></div>\r\n");
 WriteLiteral("                        ");
 
             
-            #line 50 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 43 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                          if (fa.Item1.Comments == null)
                         {
 
@@ -342,7 +335,7 @@ WriteLiteral(" class=\"comments smallMessage\"");
 WriteLiteral(">[no comments]</div>\r\n");
 
             
-            #line 53 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 46 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                         }
                         else
                         {
@@ -357,7 +350,7 @@ WriteLiteral(" class=\"comments\"");
 WriteLiteral(">");
 
             
-            #line 56 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 49 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                                              Write(fa.Item1.Comments.ToHtmlComment());
 
             
@@ -372,7 +365,7 @@ WriteLiteral(" class=\"commentsRaw\"");
 WriteLiteral(">");
 
             
-            #line 57 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 50 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                                                 Write(fa.Item1.Comments);
 
             
@@ -381,7 +374,7 @@ WriteLiteral(">");
 WriteLiteral("</div>\r\n");
 
             
-            #line 58 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 51 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                         }
 
             
@@ -389,27 +382,27 @@ WriteLiteral("</div>\r\n");
             #line hidden
 WriteLiteral("                    </td>\r\n                    <td");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 3000), Tuple.Create("\"", 3063)
-, Tuple.Create(Tuple.Create("", 3008), Tuple.Create("removed", 3008), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 2763), Tuple.Create("\"", 2826)
+, Tuple.Create(Tuple.Create("", 2771), Tuple.Create("removed", 2771), true)
             
-            #line 60 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
-, Tuple.Create(Tuple.Create("", 3015), Tuple.Create<System.Object, System.Int32>(!fa.Item1.RemovedDate.HasValue ? " na" : null
+            #line 53 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+, Tuple.Create(Tuple.Create("", 2778), Tuple.Create<System.Object, System.Int32>(!fa.Item1.RemovedDate.HasValue ? " na" : null
             
             #line default
             #line hidden
-, 3015), false)
+, 2778), false)
 );
 
 WriteLiteral(">\r\n");
 
             
-            #line 61 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 54 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 61 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 54 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                          if (fa.Item1.RemovedDate.HasValue)
                         {
                             
@@ -417,14 +410,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 63 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 56 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                        Write(CommonHelpers.FriendlyDateAndUser(fa.Item1.RemovedDate.Value, fa.Item1.RemovedUser));
 
             
             #line default
             #line hidden
             
-            #line 63 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 56 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                                                                                                                 
                             if (fa.Item1.OnUnassignmentExpressionResult != null)
                             {
@@ -439,7 +432,7 @@ WriteLiteral(" class=\"expressionResult\"");
 WriteLiteral(">");
 
             
-            #line 66 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 59 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                                                          Write(fa.Item1.OnUnassignmentExpressionResult);
 
             
@@ -448,7 +441,7 @@ WriteLiteral(">");
 WriteLiteral("</div>\r\n");
 
             
-            #line 67 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 60 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                             }
                         }
                         else if (fa.Item1.CanRemove())
@@ -466,7 +459,7 @@ WriteLiteral(" class=\"button small remove\"");
 WriteLiteral(">Remove</a>\r\n");
 
             
-            #line 72 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 65 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                         }
 
             
@@ -475,7 +468,7 @@ WriteLiteral(">Remove</a>\r\n");
 WriteLiteral("                    </td>\r\n                </tr>\r\n");
 
             
-            #line 75 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 68 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
             }
 
             
@@ -494,15 +487,29 @@ WriteLiteral(" title=\"Remove this flag from the device?\"");
 WriteLiteral(">\r\n");
 
             
-            #line 78 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 71 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
             
             
             #line default
             #line hidden
             
-            #line 78 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 71 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
              using (Html.BeginForm(MVC.API.DeviceFlagAssignment.RemoveDevice()))
             {
+                
+            
+            #line default
+            #line hidden
+            
+            #line 73 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+           Write(Html.AntiForgeryToken());
+
+            
+            #line default
+            #line hidden
+            
+            #line 73 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+                                        
 
             
             #line default
@@ -526,7 +533,7 @@ WriteLiteral(" class=\"fa fa-exclamation-triangle fa-lg\"");
 WriteLiteral("></i>&nbsp;Are you sure?\r\n                </p>\r\n");
 
             
-            #line 84 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 78 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
             }
 
             
@@ -545,15 +552,29 @@ WriteLiteral(" title=\"Edit the Comments\"");
 WriteLiteral(">\r\n");
 
             
-            #line 87 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 81 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
             
             
             #line default
             #line hidden
             
-            #line 87 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 81 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
              using (Html.BeginForm(MVC.API.DeviceFlagAssignment.UpdateComments()))
             {
+                
+            
+            #line default
+            #line hidden
+            
+            #line 83 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+           Write(Html.AntiForgeryToken());
+
+            
+            #line default
+            #line hidden
+            
+            #line 83 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+                                        
 
             
             #line default
@@ -593,7 +614,7 @@ WriteLiteral(" class=\"block\"");
 WriteLiteral("></textarea>\r\n                </p>\r\n");
 
             
-            #line 95 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 90 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
             }
 
             
@@ -651,7 +672,7 @@ WriteLiteral(">\r\n            $(function () {\r\n                var deviceFlag
 "eturn false;\r\n                });\r\n            });\r\n        </script>\r\n");
 
             
-            #line 174 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 169 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
     }
     else
     {
@@ -666,7 +687,7 @@ WriteLiteral(" class=\"none\"");
 WriteLiteral(">This device has no associated flags</div>\r\n");
 
             
-            #line 178 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 173 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
     }
 
             
@@ -676,7 +697,7 @@ WriteLiteral("    <script>\r\n        $(\'#DeviceDetailTabItems\').append(\'<li>
 "ilTab-Flags\">Flags [");
 
             
-            #line 180 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
+            #line 175 "..\..\Views\Device\DeviceParts\_Flags.cshtml"
                                                                                   Write(activeAssignmentCount);
 
             
diff --git a/Disco.Web/Views/Device/DeviceParts/_Subject.cshtml b/Disco.Web/Views/Device/DeviceParts/_Subject.cshtml
index 9f366db9..d0a2c07d 100644
--- a/Disco.Web/Views/Device/DeviceParts/_Subject.cshtml
+++ b/Disco.Web/Views/Device/DeviceParts/_Subject.cshtml
@@ -239,17 +239,20 @@
                                                 <div id="Device_Show_User_EmailAddress" title="Email Address"><a href="mailto:@(Model.Device.AssignedUser.EmailAddress)" data-clipboard="@assignedUser.DisplayName &lt;@assignedUser.EmailAddress&gt;">@assignedUser.EmailAddress</a></div>
                                             }
                                         }
-                                        @if (Authorization.Has(Claims.User.ShowFlagAssignments))
+                                        @if (assignedUser.UserFlagAssignments.CanShowAny())
                                         {
                                             <div id="Device_Show_User_Flags">
                                                 @foreach (var flag in assignedUser.UserFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, UserFlagService.GetUserFlag(f.UserFlagId))))
                                                 {
-                                                    <i class="flag fa fa-@(flag.Item2.Icon) fa-fw d-@(flag.Item2.IconColour)">
-                                                        <span class="details">
-                                                            <span class="name">@flag.Item2.Name</span>@if (flag.Item1.Comments != null)
-                                                            {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId)</span>
-                                                        </span>
-                                                    </i>
+                                                    if (flag.Item2.permission.CanShow())
+                                                    {
+                                                        <i class="flag fa fa-@(flag.Item2.flag.Icon) fa-fw d-@(flag.Item2.flag.IconColour)">
+                                                            <span class="details">
+                                                                <span class="name">@flag.Item2.flag.Name</span>@if (flag.Item1.Comments != null)
+                                                                {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId)</span>
+                                                            </span>
+                                                        </i>
+                                                    }
                                                 }
                                                 <script type="text/javascript">
                                                     $(function () {
@@ -765,12 +768,13 @@
                     });
                 </script>
             }
-            @if (Model.Device.CanAddDeviceFlags() && Model.AvailableDeviceFlags != null && Model.AvailableDeviceFlags.Count > 0)
+            @if (Model.AvailableDeviceFlags != null && Model.AvailableDeviceFlags.Count > 0)
             {
-                @Html.ActionLinkSmallButton("Add Flag", MVC.API.DeviceFlagAssignment.AddDevice(), "Device_Show_Details_Actions_AddFlag_Button")
+                <button id="Device_Show_Details_Actions_AddFlag_Button" type="button" class="button small">Add Flag</button>
                 <div id="Device_Show_Details_Actions_AddFlag_Dialog" class="dialog" title="Add Device Flag">
                     @using (Html.BeginForm(MVC.API.DeviceFlagAssignment.AddDevice()))
                     {
+                        @Html.AntiForgeryToken()
                         <input id="Device_Show_Details_Actions_AddFlag_Dialog_Id" type="hidden" name="id" />
                         <input id="Device_Show_Details_Actions_AddFlag_Dialog_DeviceSerialNumber" type="hidden" name="DeviceSerialNumber" value="@Model.Device.SerialNumber" />
                         <div class="flagPicker">
@@ -794,7 +798,6 @@
                     $(function () {
                         const button = $('#Device_Show_Details_Actions_AddFlag_Button');
                         let buttonDialog = null;
-                        const buttonLink = button.attr('href');
 
                         let flagPicker = null;
                         let flagAddId = null;
@@ -814,9 +817,7 @@
                             flagAddComments.focus().select();
                         }
 
-                        button.attr('href', '#').click(function (e) {
-                            e.preventDefault();
-
+                        button.click(function (e) {
                             if (!buttonDialog) {
                                 buttonDialog = $('#Device_Show_Details_Actions_AddFlag_Dialog');
                                 buttonDialog.dialog({
@@ -831,10 +832,9 @@
                                         },
                                         "Add Flag": function () {
                                             if (!!flagAddId.val()) {
-                                                const $this = $(this);
-                                                $this.dialog("disable");
-                                                $this.dialog("option", "buttons", null);
-                                                buttonDialog.find('form').submit();
+                                                buttonDialog
+                                                    .dialog("option", "buttons", null)
+                                                    .find('form').submit();
                                             } else {
                                                 alert('Select a Device Flag');
                                             }
@@ -868,7 +868,6 @@
 
                             $('#Device_Show_Details_Actions_AddFlag_Dialog_Filter').val('');
                             buttonDialog.dialog('open');
-                            return false;
                         });
                     });
                 </script>
diff --git a/Disco.Web/Views/Device/DeviceParts/_Subject.generated.cs b/Disco.Web/Views/Device/DeviceParts/_Subject.generated.cs
index 13d916a6..f1e5bb21 100644
--- a/Disco.Web/Views/Device/DeviceParts/_Subject.generated.cs
+++ b/Disco.Web/Views/Device/DeviceParts/_Subject.generated.cs
@@ -1073,7 +1073,7 @@ WriteLiteral("                                        ");
 
             
             #line 242 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                                         if (Authorization.Has(Claims.User.ShowFlagAssignments))
+                                         if (assignedUser.UserFlagAssignments.CanShowAny())
                                         {
 
             
@@ -1095,47 +1095,49 @@ WriteLiteral(">\r\n");
             #line 245 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                  foreach (var flag in assignedUser.UserFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, UserFlagService.GetUserFlag(f.UserFlagId))))
                                                 {
+                                                    if (flag.Item2.permission.CanShow())
+                                                    {
 
             
             #line default
             #line hidden
-WriteLiteral("                                                    <i");
+WriteLiteral("                                                        <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 15522), Tuple.Create("\"", 15592)
-, Tuple.Create(Tuple.Create("", 15530), Tuple.Create("flag", 15530), true)
-, Tuple.Create(Tuple.Create(" ", 15534), Tuple.Create("fa", 15535), true)
-, Tuple.Create(Tuple.Create(" ", 15537), Tuple.Create("fa-", 15538), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 15666), Tuple.Create("\"", 15746)
+, Tuple.Create(Tuple.Create("", 15674), Tuple.Create("flag", 15674), true)
+, Tuple.Create(Tuple.Create(" ", 15678), Tuple.Create("fa", 15679), true)
+, Tuple.Create(Tuple.Create(" ", 15681), Tuple.Create("fa-", 15682), true)
             
-            #line 247 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 15541), Tuple.Create<System.Object, System.Int32>(flag.Item2.Icon
+            #line 249 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 15685), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.Icon
             
             #line default
             #line hidden
-, 15541), false)
-, Tuple.Create(Tuple.Create(" ", 15559), Tuple.Create("fa-fw", 15560), true)
-, Tuple.Create(Tuple.Create(" ", 15565), Tuple.Create("d-", 15566), true)
+, 15685), false)
+, Tuple.Create(Tuple.Create(" ", 15708), Tuple.Create("fa-fw", 15709), true)
+, Tuple.Create(Tuple.Create(" ", 15714), Tuple.Create("d-", 15715), true)
             
-            #line 247 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                    , Tuple.Create(Tuple.Create("", 15568), Tuple.Create<System.Object, System.Int32>(flag.Item2.IconColour
+            #line 249 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                             , Tuple.Create(Tuple.Create("", 15717), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.IconColour
             
             #line default
             #line hidden
-, 15568), false)
+, 15717), false)
 );
 
-WriteLiteral(">\r\n                                                        <span");
+WriteLiteral(">\r\n                                                            <span");
 
 WriteLiteral(" class=\"details\"");
 
-WriteLiteral(">\r\n                                                            <span");
+WriteLiteral(">\r\n                                                                <span");
 
 WriteLiteral(" class=\"name\"");
 
 WriteLiteral(">");
 
             
-            #line 249 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                                                                          Write(flag.Item2.Name);
+            #line 251 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                                                                              Write(flag.Item2.flag.Name);
 
             
             #line default
@@ -1143,9 +1145,9 @@ WriteLiteral(">");
 WriteLiteral("</span>");
 
             
-            #line 249 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                                                                                                       if (flag.Item1.Comments != null)
-                                                            {
+            #line 251 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                                                                                                                if (flag.Item1.Comments != null)
+                                                                {
             
             #line default
             #line hidden
@@ -1156,8 +1158,8 @@ WriteLiteral(" class=\"comments\"");
 WriteLiteral(">");
 
             
-            #line 250 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                                                                               Write(flag.Item1.Comments.ToHtmlComment());
+            #line 252 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                                                                                   Write(flag.Item1.Comments.ToHtmlComment());
 
             
             #line default
@@ -1165,8 +1167,8 @@ WriteLiteral(">");
 WriteLiteral("</span>");
 
             
-            #line 250 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                                                                                                                               }
+            #line 252 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                                                                                                                                   }
             
             #line default
             #line hidden
@@ -1177,17 +1179,18 @@ WriteLiteral(" class=\"added\"");
 WriteLiteral(">");
 
             
-            #line 250 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                                                                                                                                               Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId));
+            #line 252 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                                                                                                                                                   Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId));
 
             
             #line default
             #line hidden
-WriteLiteral("</span>\r\n                                                        </span>\r\n       " +
-"                                             </i>\r\n");
+WriteLiteral("</span>\r\n                                                            </span>\r\n   " +
+"                                                     </i>\r\n");
 
             
-            #line 253 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 255 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                                                    }
                                                 }
 
             
@@ -1230,7 +1233,7 @@ WriteLiteral(">\r\n                                                    $(functio
 "cript>\r\n                                            </div>\r\n");
 
             
-            #line 285 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 288 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                         }
 
             
@@ -1239,7 +1242,7 @@ WriteLiteral(">\r\n                                                    $(functio
 WriteLiteral("                                        ");
 
             
-            #line 286 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 289 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                          if (Model.AssignedUserDetails != null && Model.AssignedUserDetails.Count(d => !d.Key.EndsWith("&")) > 0)
                                         {
 
@@ -1255,13 +1258,13 @@ WriteLiteral(" class=\"status clearfix\"");
 WriteLiteral(">\r\n");
 
             
-            #line 289 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 292 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                 
             
             #line default
             #line hidden
             
-            #line 289 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 292 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                  foreach (var detail in Model.AssignedUserDetails.Where(d => !d.Key.EndsWith("&")))
                                                 {
 
@@ -1272,7 +1275,7 @@ WriteLiteral("                                                    <div>\r\n
 "                                  <strong>");
 
             
-            #line 292 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 295 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                            Write(detail.Key.TrimEnd('*'));
 
             
@@ -1281,13 +1284,13 @@ WriteLiteral("                                                    <div>\r\n
 WriteLiteral(":</strong>\r\n");
 
             
-            #line 293 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 296 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                         
             
             #line default
             #line hidden
             
-            #line 293 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 296 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                          if (detail.Key.EndsWith("*"))
                                                         {
 
@@ -1309,7 +1312,7 @@ WriteLiteral(" class=\"reveal hidden\"");
 WriteLiteral(">");
 
             
-            #line 296 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 299 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                    Write(Html.Partial(MVC.Shared.Views._CustomDetailValueRender, detail));
 
             
@@ -1318,7 +1321,7 @@ WriteLiteral(">");
 WriteLiteral("</span>\r\n");
 
             
-            #line 297 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 300 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                         }
                                                         else
                                                         {
@@ -1327,14 +1330,14 @@ WriteLiteral("</span>\r\n");
             #line default
             #line hidden
             
-            #line 300 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 303 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                        Write(Html.Partial(MVC.Shared.Views._CustomDetailValueRender, detail));
 
             
             #line default
             #line hidden
             
-            #line 300 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 303 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                                                             
                                                         }
 
@@ -1344,7 +1347,7 @@ WriteLiteral("</span>\r\n");
 WriteLiteral("                                                    </div>\r\n");
 
             
-            #line 303 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 306 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                 }
 
             
@@ -1369,7 +1372,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 316 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 319 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                         }
 
             
@@ -1378,7 +1381,7 @@ WriteLiteral(@">
 WriteLiteral("                                    </div>\r\n");
 
             
-            #line 318 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 321 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                 }
                                 else
                                 {
@@ -1393,7 +1396,7 @@ WriteLiteral(" class=\"smallMessage\"");
 WriteLiteral(">Not Assigned</span>\r\n");
 
             
-            #line 322 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 325 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                 }
 
             
@@ -1403,13 +1406,13 @@ WriteLiteral("                            </td>\r\n                        </tr>
 "     </table>\r\n                </div>\r\n");
 
             
-            #line 327 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 330 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 327 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 330 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                  if (Authorization.Has(Claims.Device.Actions.GenerateDocuments))
                 {
 
@@ -1427,7 +1430,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                        ");
 
             
-            #line 330 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 333 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                    Write(Html.Partial(MVC.Shared.Views._GenerateDocumentControl, Model.GenerateDocumentControlModel));
 
             
@@ -1436,7 +1439,7 @@ WriteLiteral("                        ");
 WriteLiteral("\r\n                    </div>\r\n");
 
             
-            #line 332 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 335 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                 }
 
             
@@ -1459,13 +1462,13 @@ WriteLiteral(" title=\"Device Profile\"");
 WriteLiteral(">\r\n");
 
             
-            #line 339 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 342 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 339 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 342 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                          if (Authorization.Has(Claims.Config.DeviceProfile.Show))
                         {
                             
@@ -1473,14 +1476,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 341 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 344 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                        Write(Html.ActionLink(Model.Device.DeviceProfile.Name, MVC.Config.DeviceProfile.Index(Model.Device.DeviceProfileId)));
 
             
             #line default
             #line hidden
             
-            #line 341 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 344 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                                                                            
                         }
                         else
@@ -1490,14 +1493,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 345 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 348 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                        Write(Model.Device.DeviceProfile.Name);
 
             
             #line default
             #line hidden
             
-            #line 345 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 348 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                             
                         }
 
@@ -1519,7 +1522,7 @@ WriteLiteral(">Distribution:</span>\r\n                            </td>\r\n
 WriteLiteral("                                ");
 
             
-            #line 354 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 357 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                            Write(Model.Device.DeviceProfile.DistributionType.ToString());
 
             
@@ -1535,13 +1538,13 @@ WriteLiteral(">Address:</span>\r\n                            </td>\r\n
 "<td>\r\n");
 
             
-            #line 362 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 365 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                 
             
             #line default
             #line hidden
             
-            #line 362 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 365 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                   
                                     if (Model.DeviceProfileDefaultOrganisationAddress != null)
                                     {
@@ -1556,7 +1559,7 @@ WriteLiteral(" id=\"Device_Show_Policies_Profile_Address\"");
 WriteLiteral(">");
 
             
-            #line 365 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 368 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                    Write(Model.DeviceProfileDefaultOrganisationAddress.Name);
 
             
@@ -1565,7 +1568,7 @@ WriteLiteral(">");
 WriteLiteral("</span>\r\n");
 
             
-            #line 366 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 369 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                     }
                                     else
                                     {
@@ -1582,7 +1585,7 @@ WriteLiteral(" class=\"smallMessage\"");
 WriteLiteral(">None</span>\r\n");
 
             
-            #line 370 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 373 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                     }
                                 
             
@@ -1600,7 +1603,7 @@ WriteLiteral(">Provision Account:</span>\r\n                            </td>\r\
 WriteLiteral("                                ");
 
             
-            #line 379 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 382 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                             Write(Model.Device.DeviceProfile.ProvisionADAccount ? "Active Directory" : "No");
 
             
@@ -1618,7 +1621,7 @@ WriteLiteral(">Certificates:</span>\r\n                            </td>\r\n
 WriteLiteral("                                ");
 
             
-            #line 387 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 390 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                             Write(Model.DeviceProfileCertificateProviders != null ? string.Join(", ", Model.DeviceProfileCertificateProviders.Select(c => c.Name)) : "None Provisioned");
 
             
@@ -1635,7 +1638,7 @@ WriteLiteral(">Wireless Profiles:</span>\r\n                            </td>\r\
 WriteLiteral("                                ");
 
             
-            #line 394 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 397 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                             Write(Model.DeviceProfileWirelessProfileProviders != null ? string.Join(", ", Model.DeviceProfileWirelessProfileProviders.Select(c => c.Name)) : "None Provisioned");
 
             
@@ -1645,13 +1648,13 @@ WriteLiteral("\r\n                            </td>\r\n                        <
 "       </table>\r\n");
 
             
-            #line 398 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 401 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 398 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 401 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                      if (Model.Device.CanUpdateDeviceProfile())
                     {
 
@@ -1667,7 +1670,7 @@ WriteLiteral(" class=\"button small\"");
 WriteLiteral(">Update Profile</button>\r\n");
 
             
-            #line 401 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 404 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
 
 
             
@@ -1684,13 +1687,13 @@ WriteLiteral(" title=\"Assign to Device Profile\"");
 WriteLiteral(">\r\n");
 
             
-            #line 403 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 406 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 403 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 406 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                              using (Html.BeginForm(MVC.API.Device.UpdateDeviceProfileId(Model.Device.SerialNumber, redirect: true)))
                             {
 
@@ -1706,7 +1709,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                                    ");
 
             
-            #line 406 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 409 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                Write(Html.AntiForgeryToken());
 
             
@@ -1719,13 +1722,13 @@ WriteLiteral(" class=\"none\"");
 WriteLiteral(">\r\n");
 
             
-            #line 408 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 411 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                         
             
             #line default
             #line hidden
             
-            #line 408 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 411 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                          foreach (var dp in Model.DeviceProfiles.OrderBy(i => i.Name))
                                         {
                                             var isDecommissioned = Model.DecommissionedDeviceProfileIds.Contains(dp.Id);
@@ -1735,27 +1738,27 @@ WriteLiteral(">\r\n");
             #line hidden
 WriteLiteral("                                            <li");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 26478), Tuple.Create("\"", 26523)
+WriteAttribute("class", Tuple.Create(" class=\"", 26712), Tuple.Create("\"", 26757)
             
-            #line 411 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 26486), Tuple.Create<System.Object, System.Int32>(isDecommissioned ? "hidden" : null
+            #line 414 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 26720), Tuple.Create<System.Object, System.Int32>(isDecommissioned ? "hidden" : null
             
             #line default
             #line hidden
-, 26486), false)
+, 26720), false)
 );
 
 WriteLiteral(">\r\n                                                <label");
 
-WriteAttribute("title", Tuple.Create(" title=\"", 26581), Tuple.Create("\"", 26625)
-, Tuple.Create(Tuple.Create("", 26589), Tuple.Create("Distribution:", 26589), true)
+WriteAttribute("title", Tuple.Create(" title=\"", 26815), Tuple.Create("\"", 26859)
+, Tuple.Create(Tuple.Create("", 26823), Tuple.Create("Distribution:", 26823), true)
             
-            #line 412 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create(" ", 26602), Tuple.Create<System.Object, System.Int32>(dp.DistributionType
+            #line 415 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create(" ", 26836), Tuple.Create<System.Object, System.Int32>(dp.DistributionType
             
             #line default
             #line hidden
-, 26603), false)
+, 26837), false)
 );
 
 WriteLiteral(">\r\n                                                    <input");
@@ -1764,20 +1767,20 @@ WriteLiteral(" type=\"radio\"");
 
 WriteLiteral(" name=\"DeviceProfileId\"");
 
-WriteAttribute("value", Tuple.Create(" value=\"", 26723), Tuple.Create("\"", 26737)
+WriteAttribute("value", Tuple.Create(" value=\"", 26957), Tuple.Create("\"", 26971)
             
-            #line 413 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                     , Tuple.Create(Tuple.Create("", 26731), Tuple.Create<System.Object, System.Int32>(dp.Id
+            #line 416 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                     , Tuple.Create(Tuple.Create("", 26965), Tuple.Create<System.Object, System.Int32>(dp.Id
             
             #line default
             #line hidden
-, 26731), false)
+, 26965), false)
 );
 
 WriteLiteral(" data-ouenforced=\"");
 
             
-            #line 413 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 416 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                                                           Write(dp.EnforceOrganisationalUnit);
 
             
@@ -1788,7 +1791,7 @@ WriteLiteral("\"");
 WriteLiteral(" ");
 
             
-            #line 413 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 416 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                                                                                           Write(Model.Device.DeviceProfileId == dp.Id ? "checked " : null);
 
             
@@ -1799,7 +1802,7 @@ WriteLiteral(" />\r\n");
 WriteLiteral("                                                    ");
 
             
-            #line 414 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 417 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                Write(dp.Name);
 
             
@@ -1809,7 +1812,7 @@ WriteLiteral("\r\n                                                </label>\r\n
 "                       </li>\r\n");
 
             
-            #line 417 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 420 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                             if (isDecommissioned)
                                             {
 
@@ -1823,7 +1826,7 @@ WriteLiteral(" class=\"hidden decommissioned-padding\"");
 WriteLiteral("></li>\r\n");
 
             
-            #line 420 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 423 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                             }
                                         }
 
@@ -1833,13 +1836,13 @@ WriteLiteral("></li>\r\n");
 WriteLiteral("                                    </ul>\r\n");
 
             
-            #line 423 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 426 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                     
             
             #line default
             #line hidden
             
-            #line 423 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 426 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                      if (Model.DecommissionedDeviceProfileIds.Count > 0)
                                     {
 
@@ -1855,7 +1858,7 @@ WriteLiteral(" href=\"#\"");
 WriteLiteral(">Show Decommissioned</a>\r\n");
 
             
-            #line 426 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 429 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                     }
 
             
@@ -1885,7 +1888,7 @@ WriteLiteral(">Move to Profiles Organisational Unit</label>\r\n
 "div>\r\n");
 
             
-            #line 431 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 434 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                             }
 
             
@@ -1897,7 +1900,7 @@ WriteLiteral("                        <script>\r\n                            $(
 "                              var currentProfile = \'");
 
             
-            #line 435 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 438 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                   Write(Model.Device.DeviceProfileId);
 
             
@@ -1960,7 +1963,7 @@ WriteLiteral("\';\r\n                                var button = $(\'#Device_Sh
 "                        });\r\n                        </script>\r\n");
 
             
-            #line 498 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 501 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     }
 
             
@@ -1975,13 +1978,13 @@ WriteLiteral(" class=\"status\"");
 WriteLiteral(">\r\n");
 
             
-            #line 501 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 504 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 501 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 504 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                      if (Model.Device.DeviceBatchId.HasValue)
                     {
 
@@ -1995,13 +1998,13 @@ WriteLiteral(" title=\"Device Batch\"");
 WriteLiteral(">\r\n");
 
             
-            #line 504 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 507 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 504 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 507 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                              if (Authorization.Has(Claims.Config.DeviceBatch.Show))
                             {
                                 
@@ -2009,14 +2012,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 506 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 509 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                            Write(Html.ActionLink(Model.Device.DeviceBatch.Name, MVC.Config.DeviceBatch.Index(Model.Device.DeviceBatchId.Value)));
 
             
             #line default
             #line hidden
             
-            #line 506 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 509 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                                                                                
                             }
                             else
@@ -2026,14 +2029,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 510 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 513 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                            Write(Model.Device.DeviceBatch.Name);
 
             
             #line default
             #line hidden
             
-            #line 510 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 513 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                               
                             }
 
@@ -2057,7 +2060,7 @@ WriteLiteral(">Purchased:</span>\r\n                                </td>\r\n
 WriteLiteral("                                    ");
 
             
-            #line 519 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 522 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                Write(CommonHelpers.FriendlyDate(Model.Device.DeviceBatch.PurchaseDate));
 
             
@@ -2075,7 +2078,7 @@ WriteLiteral(">Supplier:</span>\r\n                                </td>\r\n
 WriteLiteral("                                    ");
 
             
-            #line 527 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 530 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                 Write(Model.Device.DeviceBatch.Supplier ?? "Unknown");
 
             
@@ -2090,14 +2093,14 @@ WriteLiteral(" title=\"Warranty Valid Until\"");
 WriteLiteral(">Warranty Until:</span>\r\n                                </td>\r\n                 " +
 "               <td");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 34485), Tuple.Create("\"", 34633)
+WriteAttribute("class", Tuple.Create(" class=\"", 34719), Tuple.Create("\"", 34867)
             
-            #line 534 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 34493), Tuple.Create<System.Object, System.Int32>(Model.Device.DeviceBatch.WarrantyValidUntil.HasValue && Model.Device.DeviceBatch.WarrantyValidUntil.Value < DateTime.Now ? "alert" : null
+            #line 537 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 34727), Tuple.Create<System.Object, System.Int32>(Model.Device.DeviceBatch.WarrantyValidUntil.HasValue && Model.Device.DeviceBatch.WarrantyValidUntil.Value < DateTime.Now ? "alert" : null
             
             #line default
             #line hidden
-, 34493), false)
+, 34727), false)
 );
 
 WriteLiteral(">\r\n");
@@ -2105,7 +2108,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                                    ");
 
             
-            #line 535 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 538 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                Write(CommonHelpers.FriendlyDate(Model.Device.DeviceBatch.WarrantyValidUntil, "Unknown", null));
 
             
@@ -2123,7 +2126,7 @@ WriteLiteral(">Insurance Supplier:</span>\r\n                                </t
 WriteLiteral("                                    ");
 
             
-            #line 543 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 546 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                 Write(Model.Device.DeviceBatch.InsuranceSupplier ?? "Unknown");
 
             
@@ -2138,14 +2141,14 @@ WriteLiteral(" title=\"Insured Until\"");
 WriteLiteral(">Insured Until:</span>\r\n                                </td>\r\n                  " +
 "              <td");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 35487), Tuple.Create("\"", 35623)
+WriteAttribute("class", Tuple.Create(" class=\"", 35721), Tuple.Create("\"", 35857)
             
-            #line 550 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 35495), Tuple.Create<System.Object, System.Int32>(Model.Device.DeviceBatch.InsuredUntil.HasValue && Model.Device.DeviceBatch.InsuredUntil.Value < DateTime.Now ? "alert" : null
+            #line 553 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 35729), Tuple.Create<System.Object, System.Int32>(Model.Device.DeviceBatch.InsuredUntil.HasValue && Model.Device.DeviceBatch.InsuredUntil.Value < DateTime.Now ? "alert" : null
             
             #line default
             #line hidden
-, 35495), false)
+, 35729), false)
 );
 
 WriteLiteral(">\r\n");
@@ -2153,7 +2156,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                                    ");
 
             
-            #line 551 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 554 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                Write(CommonHelpers.FriendlyDate(Model.Device.DeviceBatch.InsuredUntil, "Unknown", null));
 
             
@@ -2163,7 +2166,7 @@ WriteLiteral("\r\n                                </td>\r\n
 "                   </table>\r\n");
 
             
-            #line 555 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 558 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     }
                     else
                     {
@@ -2174,7 +2177,7 @@ WriteLiteral("\r\n                                </td>\r\n
 WriteLiteral("                        <h2>Batch: <em>Not Associated</em></h2>\r\n");
 
             
-            #line 559 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 562 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     }
 
             
@@ -2183,7 +2186,7 @@ WriteLiteral("                        <h2>Batch: <em>Not Associated</em></h2>\r\
 WriteLiteral("                    ");
 
             
-            #line 560 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 563 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                      if (Model.Device.CanUpdateDeviceBatch())
                     {
 
@@ -2209,13 +2212,13 @@ WriteLiteral(" title=\"Assign to Device Batch\"");
 WriteLiteral(">\r\n                            <div>\r\n");
 
             
-            #line 565 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 568 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                 
             
             #line default
             #line hidden
             
-            #line 565 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 568 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                  using (Html.BeginForm(MVC.API.Device.UpdateDeviceBatchId(Model.Device.SerialNumber, null, true)))
                                 {
                                     
@@ -2223,14 +2226,14 @@ WriteLiteral(">\r\n                            <div>\r\n");
             #line default
             #line hidden
             
-            #line 567 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 570 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 567 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 570 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                             
 
             
@@ -2243,13 +2246,13 @@ WriteLiteral(" class=\"none\"");
 WriteLiteral(">\r\n");
 
             
-            #line 569 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 572 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                         
             
             #line default
             #line hidden
             
-            #line 569 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 572 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                          foreach (var db in Model.DeviceBatches.OrderBy(i => i.Name))
                                         {
                                             var isDecommissioned = Model.DecommissionedDeviceBatchIds.Contains(db.Id);
@@ -2259,27 +2262,27 @@ WriteLiteral(">\r\n");
             #line hidden
 WriteLiteral("                                            <li");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 36995), Tuple.Create("\"", 37040)
+WriteAttribute("class", Tuple.Create(" class=\"", 37229), Tuple.Create("\"", 37274)
             
-            #line 572 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 37003), Tuple.Create<System.Object, System.Int32>(isDecommissioned ? "hidden" : null
+            #line 575 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 37237), Tuple.Create<System.Object, System.Int32>(isDecommissioned ? "hidden" : null
             
             #line default
             #line hidden
-, 37003), false)
+, 37237), false)
 );
 
 WriteLiteral(">\r\n                                                <label");
 
-WriteAttribute("title", Tuple.Create(" title=\"", 37098), Tuple.Create("\"", 37154)
-, Tuple.Create(Tuple.Create("", 37106), Tuple.Create("Purchased:", 37106), true)
+WriteAttribute("title", Tuple.Create(" title=\"", 37332), Tuple.Create("\"", 37388)
+, Tuple.Create(Tuple.Create("", 37340), Tuple.Create("Purchased:", 37340), true)
             
-            #line 573 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create(" ", 37116), Tuple.Create<System.Object, System.Int32>(db.PurchaseDate.ToLongDateString()
+            #line 576 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create(" ", 37350), Tuple.Create<System.Object, System.Int32>(db.PurchaseDate.ToLongDateString()
             
             #line default
             #line hidden
-, 37117), false)
+, 37351), false)
 );
 
 WriteLiteral(">\r\n                                                    <input");
@@ -2289,7 +2292,7 @@ WriteLiteral(" type=\"radio\"");
 WriteLiteral(" data-devicebatchid=\"");
 
             
-            #line 574 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 577 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                        Write(db.Id);
 
             
@@ -2299,14 +2302,14 @@ WriteLiteral("\"");
 
 WriteLiteral(" name=\"DeviceBatchId\"");
 
-WriteAttribute("value", Tuple.Create(" value=\"", 37278), Tuple.Create("\"", 37292)
+WriteAttribute("value", Tuple.Create(" value=\"", 37512), Tuple.Create("\"", 37526)
             
-            #line 574 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                                               , Tuple.Create(Tuple.Create("", 37286), Tuple.Create<System.Object, System.Int32>(db.Id
+            #line 577 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                                               , Tuple.Create(Tuple.Create("", 37520), Tuple.Create<System.Object, System.Int32>(db.Id
             
             #line default
             #line hidden
-, 37286), false)
+, 37520), false)
 );
 
 WriteLiteral(" />\r\n");
@@ -2314,7 +2317,7 @@ WriteLiteral(" />\r\n");
 WriteLiteral("                                                    ");
 
             
-            #line 575 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 578 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                Write(db.Name);
 
             
@@ -2324,7 +2327,7 @@ WriteLiteral("\r\n                                                </label>\r\n
 "                       </li>\r\n");
 
             
-            #line 578 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 581 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                             if (isDecommissioned)
                                             {
 
@@ -2338,7 +2341,7 @@ WriteLiteral(" class=\"hidden decommissioned-padding\"");
 WriteLiteral("></li>\r\n");
 
             
-            #line 581 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 584 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                             }
                                         }
 
@@ -2348,7 +2351,7 @@ WriteLiteral("></li>\r\n");
 WriteLiteral("                                    </ul>\r\n");
 
             
-            #line 584 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 587 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                 }
 
             
@@ -2357,7 +2360,7 @@ WriteLiteral("                                    </ul>\r\n");
 WriteLiteral("                                ");
 
             
-            #line 585 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 588 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                  if (Model.DecommissionedDeviceBatchIds.Count > 0)
                                 {
 
@@ -2373,7 +2376,7 @@ WriteLiteral(" href=\"#\"");
 WriteLiteral(">Show Decommissioned</a>\r\n");
 
             
-            #line 588 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 591 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                 }
 
             
@@ -2385,7 +2388,7 @@ WriteLiteral("                        <script>\r\n                            $(
 "                              var currentBatch = \'");
 
             
-            #line 593 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 596 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                 Write(Model.Device.DeviceBatchId);
 
             
@@ -2445,7 +2448,7 @@ WriteLiteral("\';\r\n                                var button = $(\'#Device_Sh
 "       </script>\r\n");
 
             
-            #line 654 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 657 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     }
 
             
@@ -2472,13 +2475,13 @@ WriteLiteral(" title=\"Model Description\"");
 WriteLiteral(">\r\n");
 
             
-            #line 662 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 665 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 662 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 665 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                          if (Authorization.Has(Claims.Config.DeviceModel.Show))
                         {
                             
@@ -2486,14 +2489,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 664 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 667 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                        Write(Html.ActionLink(Model.Device.DeviceModel.ToString(), MVC.Config.DeviceModel.Index(Model.Device.DeviceModelId)));
 
             
             #line default
             #line hidden
             
-            #line 664 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 667 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                                                                            
                         }
                         else
@@ -2503,14 +2506,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 668 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 671 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                        Write(Model.Device.DeviceModel.ToString());
 
             
             #line default
             #line hidden
             
-            #line 668 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 671 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                 
                         }
 
@@ -2523,14 +2526,14 @@ WriteLiteral(" id=\"Device_Show_Aspects_Model_Image\"");
 
 WriteLiteral(" alt=\"Model Image\"");
 
-WriteAttribute("src", Tuple.Create(" src=\"", 43293), Tuple.Create("\"", 43403)
+WriteAttribute("src", Tuple.Create(" src=\"", 43527), Tuple.Create("\"", 43637)
             
-            #line 671 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-    , Tuple.Create(Tuple.Create("", 43299), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.DeviceModel.Image(Model.Device.DeviceModelId, Model.Device.DeviceModel.ImageHash()))
+            #line 674 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+    , Tuple.Create(Tuple.Create("", 43533), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.DeviceModel.Image(Model.Device.DeviceModelId, Model.Device.DeviceModel.ImageHash()))
             
             #line default
             #line hidden
-, 43299), false)
+, 43533), false)
 );
 
 WriteLiteral(" />\r\n                </div>\r\n            </div>\r\n        </td>\r\n    </tr>\r\n    <t" +
@@ -2545,13 +2548,13 @@ WriteLiteral(" id=\"Device_Show_Device_Actions\"");
 WriteLiteral(">\r\n");
 
             
-            #line 678 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 681 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
             
             
             #line default
             #line hidden
             
-            #line 678 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 681 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
              if (Model.Device.CanCreateJob())
             {
                 Html.BundleDeferred("~/ClientScripts/Modules/Disco-CreateJob");
@@ -2560,14 +2563,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 681 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 684 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
            Write(Html.ActionLinkSmallButton("Create Job", MVC.Job.Create(Model.Device.SerialNumber, Model.Device.AssignedUserId), "buttonCreateJob"));
 
             
             #line default
             #line hidden
             
-            #line 681 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 684 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                                                                                     
             }
 
@@ -2577,7 +2580,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("            ");
 
             
-            #line 683 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 686 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
              if (Model.Device.CanUpdateAssignment())
             {
 
@@ -2609,13 +2612,13 @@ WriteLiteral(" class=\"fa fa-info-circle information\"");
 WriteLiteral("></i>&nbsp;Assign to User:</h4>\r\n                    <br />\r\n");
 
             
-            #line 689 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 692 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 689 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 692 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.Device.UpdateAssignedUserId(Model.Device.SerialNumber, redirect: true)))
                     {
                         
@@ -2623,14 +2626,14 @@ WriteLiteral("></i>&nbsp;Assign to User:</h4>\r\n                    <br />\r\n"
             #line default
             #line hidden
             
-            #line 691 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 694 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 691 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 694 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                 
 
             
@@ -2647,7 +2650,7 @@ WriteLiteral(" type=\"text\"");
 WriteLiteral(" />\r\n");
 
             
-            #line 693 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 696 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     }
 
             
@@ -2669,13 +2672,13 @@ WriteLiteral(@">
 ");
 
             
-            #line 702 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 705 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 702 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 705 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                               
                     if (assignedUser != null)
                     {
@@ -2699,7 +2702,7 @@ WriteLiteral(@"
 WriteLiteral("\r\n");
 
             
-            #line 715 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 718 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     }
                                                 
             
@@ -2730,7 +2733,7 @@ WriteLiteral("\r\n                            \"Assign\": function () {\r\n
 " \'");
 
             
-            #line 746 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 749 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                              Write(Url.Action(MVC.API.Search.UsersUpstream()));
 
             
@@ -2760,7 +2763,7 @@ WriteLiteral(@"',
 ");
 
             
-            #line 767 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 770 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
             }
 
             
@@ -2769,27 +2772,23 @@ WriteLiteral(@"',
 WriteLiteral("            ");
 
             
-            #line 768 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-             if (Model.Device.CanAddDeviceFlags() && Model.AvailableDeviceFlags != null && Model.AvailableDeviceFlags.Count > 0)
+            #line 771 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+             if (Model.AvailableDeviceFlags != null && Model.AvailableDeviceFlags.Count > 0)
             {
-                
-            
-            #line default
-            #line hidden
-            
-            #line 770 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-           Write(Html.ActionLinkSmallButton("Add Flag", MVC.API.DeviceFlagAssignment.AddDevice(), "Device_Show_Details_Actions_AddFlag_Button"));
 
             
             #line default
             #line hidden
-            
-            #line 770 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                                                                                                                                               
+WriteLiteral("                <button");
+
+WriteLiteral(" id=\"Device_Show_Details_Actions_AddFlag_Button\"");
+
+WriteLiteral(" type=\"button\"");
+
+WriteLiteral(" class=\"button small\"");
+
+WriteLiteral(">Add Flag</button>\r\n");
 
-            
-            #line default
-            #line hidden
 WriteLiteral("                <div");
 
 WriteLiteral(" id=\"Device_Show_Details_Actions_AddFlag_Dialog\"");
@@ -2801,15 +2800,29 @@ WriteLiteral(" title=\"Add Device Flag\"");
 WriteLiteral(">\r\n");
 
             
-            #line 772 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 775 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 772 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 775 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.DeviceFlagAssignment.AddDevice()))
                     {
+                        
+            
+            #line default
+            #line hidden
+            
+            #line 777 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                   Write(Html.AntiForgeryToken());
+
+            
+            #line default
+            #line hidden
+            
+            #line 777 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                                                
 
             
             #line default
@@ -2832,14 +2845,14 @@ WriteLiteral(" type=\"hidden\"");
 
 WriteLiteral(" name=\"DeviceSerialNumber\"");
 
-WriteAttribute("value", Tuple.Create(" value=\"", 49301), Tuple.Create("\"", 49335)
+WriteAttribute("value", Tuple.Create(" value=\"", 49530), Tuple.Create("\"", 49564)
             
-            #line 775 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                                                                , Tuple.Create(Tuple.Create("", 49309), Tuple.Create<System.Object, System.Int32>(Model.Device.SerialNumber
+            #line 779 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                                                                , Tuple.Create(Tuple.Create("", 49538), Tuple.Create<System.Object, System.Int32>(Model.Device.SerialNumber
             
             #line default
             #line hidden
-, 49309), false)
+, 49538), false)
 );
 
 WriteLiteral(" />\r\n");
@@ -2861,13 +2874,13 @@ WriteLiteral(" autocomplete=\"off\"");
 WriteLiteral(" />\r\n");
 
             
-            #line 778 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 782 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 778 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 782 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                              foreach (var flag in Model.AvailableDeviceFlags.OrderBy(jq => jq.Name))
                             {
 
@@ -2881,7 +2894,7 @@ WriteLiteral(" class=\"flag\"");
 WriteLiteral(" data-flagid=\"");
 
             
-            #line 780 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 784 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                            Write(flag.Id);
 
             
@@ -2892,7 +2905,7 @@ WriteLiteral("\"");
 WriteLiteral(" data-flagname=\"");
 
             
-            #line 780 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 784 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                      Write(flag.Name);
 
             
@@ -2902,32 +2915,32 @@ WriteLiteral("\"");
 
 WriteLiteral(">\r\n                                    <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 49812), Tuple.Create("\"", 49871)
-, Tuple.Create(Tuple.Create("", 49820), Tuple.Create("fa", 49820), true)
-, Tuple.Create(Tuple.Create(" ", 49822), Tuple.Create("fa-", 49823), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 50041), Tuple.Create("\"", 50100)
+, Tuple.Create(Tuple.Create("", 50049), Tuple.Create("fa", 50049), true)
+, Tuple.Create(Tuple.Create(" ", 50051), Tuple.Create("fa-", 50052), true)
             
-            #line 781 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 49826), Tuple.Create<System.Object, System.Int32>(flag.Icon
+            #line 785 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 50055), Tuple.Create<System.Object, System.Int32>(flag.Icon
             
             #line default
             #line hidden
-, 49826), false)
-, Tuple.Create(Tuple.Create(" ", 49838), Tuple.Create("fa-fw", 49839), true)
-, Tuple.Create(Tuple.Create(" ", 49844), Tuple.Create("fa-lg", 49845), true)
-, Tuple.Create(Tuple.Create(" ", 49850), Tuple.Create("d-", 49851), true)
+, 50055), false)
+, Tuple.Create(Tuple.Create(" ", 50067), Tuple.Create("fa-fw", 50068), true)
+, Tuple.Create(Tuple.Create(" ", 50073), Tuple.Create("fa-lg", 50074), true)
+, Tuple.Create(Tuple.Create(" ", 50079), Tuple.Create("d-", 50080), true)
             
-            #line 781 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 49853), Tuple.Create<System.Object, System.Int32>(flag.IconColour
+            #line 785 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 50082), Tuple.Create<System.Object, System.Int32>(flag.IconColour
             
             #line default
             #line hidden
-, 49853), false)
+, 50082), false)
 );
 
 WriteLiteral("></i>");
 
             
-            #line 781 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 785 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                                   Write(flag.Name);
 
             
@@ -2936,7 +2949,7 @@ WriteLiteral("></i>");
 WriteLiteral("\r\n                                </div>\r\n");
 
             
-            #line 783 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 787 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                             }
 
             
@@ -2959,7 +2972,7 @@ WriteLiteral("></textarea>\r\n                            </div>\r\n
 "\n");
 
             
-            #line 791 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 795 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     }
 
             
@@ -2973,62 +2986,58 @@ WriteLiteral(" type=\"text/javascript\"");
 
 WriteLiteral(">\r\n                    $(function () {\r\n                        const button = $(" +
 "\'#Device_Show_Details_Actions_AddFlag_Button\');\r\n                        let but" +
-"tonDialog = null;\r\n                        const buttonLink = button.attr(\'href\'" +
-");\r\n\r\n                        let flagPicker = null;\r\n                        le" +
-"t flagAddId = null;\r\n                        let flagAddComments = null;\r\n      " +
-"                  let details = null;\r\n\r\n                        function flagSe" +
-"lected() {\r\n                            const flag = $(this);\r\n\r\n               " +
-"             flagPicker.children().removeClass(\'selected\');\r\n                   " +
-"         flag.addClass(\'selected\');\r\n\r\n                            flagAddId.val" +
-"(flag.attr(\'data-flagid\'));\r\n\r\n                            details.show();\r\n\r\n  " +
-"                          flagAddComments.focus().select();\r\n                   " +
-"     }\r\n\r\n                        button.attr(\'href\', \'#\').click(function (e) {\r" +
-"\n                            e.preventDefault();\r\n\r\n                            " +
-"if (!buttonDialog) {\r\n                                buttonDialog = $(\'#Device_" +
-"Show_Details_Actions_AddFlag_Dialog\');\r\n                                buttonDi" +
-"alog.dialog({\r\n                                    width: 600,\r\n                " +
-"                    height: 410,\r\n                                    resizable:" +
-" false,\r\n                                    modal: true,\r\n                     " +
-"               autoOpen: false,\r\n                                    buttons: {\r" +
-"\n                                        Cancel: function () {\r\n                " +
-"                            $(this).dialog(\"close\");\r\n                          " +
-"              },\r\n                                        \"Add Flag\": function (" +
-") {\r\n                                            if (!!flagAddId.val()) {\r\n     " +
-"                                           const $this = $(this);\r\n             " +
-"                                   $this.dialog(\"disable\");\r\n                   " +
-"                             $this.dialog(\"option\", \"buttons\", null);\r\n         " +
-"                                       buttonDialog.find(\'form\').submit();\r\n    " +
-"                                        } else {\r\n                              " +
-"                  alert(\'Select a Device Flag\');\r\n                              " +
-"              }\r\n                                        }\r\n                    " +
-"                }\r\n                                });\r\n\r\n                      " +
-"          flagAddId = $(\'#Device_Show_Details_Actions_AddFlag_Dialog_Id\');\r\n    " +
-"                            flagAddComments = buttonDialog.find(\'#Device_Show_De" +
-"tails_Actions_AddFlag_Dialog_Comments\');\r\n                                flagPi" +
-"cker = buttonDialog.find(\'.flagPicker\');\r\n                                detail" +
-"s = buttonDialog.find(\'.details\');\r\n\r\n                                $(\'#Device" +
-"_Show_Details_Actions_AddFlag_Dialog_Filter\').on(\'keyup\', function (e) {\r\n      " +
-"                              const filter = $(e.currentTarget).val().toLowerCas" +
-"e();\r\n                                    if (filter) {\r\n                       " +
-"                 flagPicker.children(\'div.flag\').each(function () {\r\n           " +
-"                                 const $this = $(this);\r\n                       " +
-"                     if ($this.attr(\'data-flagname\').toLowerCase().indexOf(filte" +
-"r) >= 0) {\r\n                                                $this.css(\'display\'," +
-" \'block\');\r\n                                            } else {\r\n              " +
-"                                  $this.css(\'display\', \'none\');\r\n               " +
-"                             }\r\n                                        });\r\n   " +
-"                                 } else {\r\n                                     " +
-"   flagPicker.children(\'div.flag\').each(function () { $(this).css(\'display\', \'bl" +
-"ock\'); });\r\n                                    }\r\n                             " +
-"   });\r\n\r\n                                flagPicker.on(\'click\', \'div.flag\', fla" +
-"gSelected);\r\n                            }\r\n\r\n                            $(\'#De" +
-"vice_Show_Details_Actions_AddFlag_Dialog_Filter\').val(\'\');\r\n                    " +
-"        buttonDialog.dialog(\'open\');\r\n                            return false;\r" +
-"\n                        });\r\n                    });\r\n                </script>" +
-"\r\n");
+"tonDialog = null;\r\n\r\n                        let flagPicker = null;\r\n           " +
+"             let flagAddId = null;\r\n                        let flagAddComments " +
+"= null;\r\n                        let details = null;\r\n\r\n                        " +
+"function flagSelected() {\r\n                            const flag = $(this);\r\n\r\n" +
+"                            flagPicker.children().removeClass(\'selected\');\r\n    " +
+"                        flag.addClass(\'selected\');\r\n\r\n                          " +
+"  flagAddId.val(flag.attr(\'data-flagid\'));\r\n\r\n                            detail" +
+"s.show();\r\n\r\n                            flagAddComments.focus().select();\r\n    " +
+"                    }\r\n\r\n                        button.click(function (e) {\r\n  " +
+"                          if (!buttonDialog) {\r\n                                " +
+"buttonDialog = $(\'#Device_Show_Details_Actions_AddFlag_Dialog\');\r\n              " +
+"                  buttonDialog.dialog({\r\n                                    wid" +
+"th: 600,\r\n                                    height: 410,\r\n                    " +
+"                resizable: false,\r\n                                    modal: tr" +
+"ue,\r\n                                    autoOpen: false,\r\n                     " +
+"               buttons: {\r\n                                        Cancel: funct" +
+"ion () {\r\n                                            $(this).dialog(\"close\");\r\n" +
+"                                        },\r\n                                    " +
+"    \"Add Flag\": function () {\r\n                                            if (!" +
+"!flagAddId.val()) {\r\n                                                buttonDialo" +
+"g\r\n                                                    .dialog(\"option\", \"button" +
+"s\", null)\r\n                                                    .find(\'form\').sub" +
+"mit();\r\n                                            } else {\r\n                  " +
+"                              alert(\'Select a Device Flag\');\r\n                  " +
+"                          }\r\n                                        }\r\n        " +
+"                            }\r\n                                });\r\n\r\n          " +
+"                      flagAddId = $(\'#Device_Show_Details_Actions_AddFlag_Dialog" +
+"_Id\');\r\n                                flagAddComments = buttonDialog.find(\'#De" +
+"vice_Show_Details_Actions_AddFlag_Dialog_Comments\');\r\n                          " +
+"      flagPicker = buttonDialog.find(\'.flagPicker\');\r\n                          " +
+"      details = buttonDialog.find(\'.details\');\r\n\r\n                              " +
+"  $(\'#Device_Show_Details_Actions_AddFlag_Dialog_Filter\').on(\'keyup\', function (" +
+"e) {\r\n                                    const filter = $(e.currentTarget).val(" +
+").toLowerCase();\r\n                                    if (filter) {\r\n           " +
+"                             flagPicker.children(\'div.flag\').each(function () {\r" +
+"\n                                            const $this = $(this);\r\n           " +
+"                                 if ($this.attr(\'data-flagname\').toLowerCase().i" +
+"ndexOf(filter) >= 0) {\r\n                                                $this.cs" +
+"s(\'display\', \'block\');\r\n                                            } else {\r\n  " +
+"                                              $this.css(\'display\', \'none\');\r\n   " +
+"                                         }\r\n                                    " +
+"    });\r\n                                    } else {\r\n                         " +
+"               flagPicker.children(\'div.flag\').each(function () { $(this).css(\'d" +
+"isplay\', \'block\'); });\r\n                                    }\r\n                 " +
+"               });\r\n\r\n                                flagPicker.on(\'click\', \'di" +
+"v.flag\', flagSelected);\r\n                            }\r\n\r\n                      " +
+"      $(\'#Device_Show_Details_Actions_AddFlag_Dialog_Filter\').val(\'\');\r\n        " +
+"                    buttonDialog.dialog(\'open\');\r\n                        });\r\n " +
+"                   });\r\n                </script>\r\n");
 
             
-            #line 875 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 874 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
             }
 
             
@@ -3037,7 +3046,7 @@ WriteLiteral(">\r\n                    $(function () {\r\n
 WriteLiteral("            ");
 
             
-            #line 876 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 875 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
              if (Model.Device.CanUpdateTrustEnrol())
             {
 
@@ -3065,13 +3074,13 @@ WriteLiteral(" title=\"Trust this Device?\"");
 WriteLiteral(">\r\n");
 
             
-            #line 880 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 879 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 880 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 879 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.Device.UpdateAllowUnauthenticatedEnrol(Model.Device.SerialNumber, true.ToString(), true)))
                     {
                         
@@ -3079,14 +3088,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 882 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 881 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 882 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 881 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                 
                     }
 
@@ -3119,7 +3128,7 @@ WriteLiteral("></i>This action will allow a device <em>claiming</em> to have the
 "\'");
 
             
-            #line 892 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 891 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                                                                                Write(Model.Device.SerialNumber);
 
             
@@ -3167,7 +3176,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 925 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 924 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
             }
 
             
@@ -3176,7 +3185,7 @@ WriteLiteral(@">
 WriteLiteral("            ");
 
             
-            #line 926 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 925 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
              if (Model.Device.CanUpdateUntrustEnrol())
             {
 
@@ -3204,13 +3213,13 @@ WriteLiteral(" title=\"Untrust this Device?\"");
 WriteLiteral(">\r\n");
 
             
-            #line 930 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 929 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 930 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 929 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.Device.UpdateAllowUnauthenticatedEnrol(Model.Device.SerialNumber, false.ToString(), true)))
                     {
                         
@@ -3218,14 +3227,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 932 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 931 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 932 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 931 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                 
                     }
 
@@ -3288,7 +3297,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 969 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 968 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
             }
 
             
@@ -3297,7 +3306,7 @@ WriteLiteral(@">
 WriteLiteral("            ");
 
             
-            #line 970 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 969 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
              if (Model.Device.CanDecommission())
             {
 
@@ -3325,13 +3334,13 @@ WriteLiteral(" title=\"Device Decommissioning\"");
 WriteLiteral(">\r\n");
 
             
-            #line 974 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 973 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 974 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 973 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.Device.Decommission(Model.Device.SerialNumber, null, true)))
                     {
                         
@@ -3339,14 +3348,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 976 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 975 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 976 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 975 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                 
 
             
@@ -3372,13 +3381,13 @@ WriteLiteral(" class=\"none\"");
 WriteLiteral(">\r\n");
 
             
-            #line 982 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 981 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                 
             
             #line default
             #line hidden
             
-            #line 982 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 981 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                  foreach (DecommissionReasons decommissionReason in Enum.GetValues(typeof(DecommissionReasons)).Cast<DecommissionReasons>().OrderBy(r => r.ToString()))
                                 {
 
@@ -3390,33 +3399,33 @@ WriteLiteral("                                    <li>\r\n
 
 WriteLiteral(" type=\"radio\"");
 
-WriteAttribute("id", Tuple.Create(" id=\"", 61421), Tuple.Create("\"", 61499)
-, Tuple.Create(Tuple.Create("", 61426), Tuple.Create("Device_Show_Device_Actions_Decommission_Reason_", 61426), true)
+WriteAttribute("id", Tuple.Create(" id=\"", 61379), Tuple.Create("\"", 61457)
+, Tuple.Create(Tuple.Create("", 61384), Tuple.Create("Device_Show_Device_Actions_Decommission_Reason_", 61384), true)
             
-            #line 985 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                               , Tuple.Create(Tuple.Create("", 61473), Tuple.Create<System.Object, System.Int32>((int)decommissionReason
+            #line 984 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                               , Tuple.Create(Tuple.Create("", 61431), Tuple.Create<System.Object, System.Int32>((int)decommissionReason
             
             #line default
             #line hidden
-, 61473), false)
+, 61431), false)
 );
 
 WriteLiteral("\r\n                                               name=\"Reason\"");
 
-WriteAttribute("value", Tuple.Create(" value=\"", 61562), Tuple.Create("\"", 61596)
+WriteAttribute("value", Tuple.Create(" value=\"", 61520), Tuple.Create("\"", 61554)
             
-            #line 986 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 61570), Tuple.Create<System.Object, System.Int32>((int)decommissionReason
+            #line 985 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 61528), Tuple.Create<System.Object, System.Int32>((int)decommissionReason
             
             #line default
             #line hidden
-, 61570), false)
+, 61528), false)
 );
 
 WriteLiteral(" ");
 
             
-            #line 986 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 985 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                             Write((decommissionReason == DecommissionReasons.EndOfLife) ? "checked=\"checked\"" : string.Empty);
 
             
@@ -3424,21 +3433,21 @@ WriteLiteral(" ");
             #line hidden
 WriteLiteral(" />\r\n                                        <label");
 
-WriteAttribute("for", Tuple.Create(" for=\"", 61744), Tuple.Create("\"", 61823)
-, Tuple.Create(Tuple.Create("", 61750), Tuple.Create("Device_Show_Device_Actions_Decommission_Reason_", 61750), true)
+WriteAttribute("for", Tuple.Create(" for=\"", 61702), Tuple.Create("\"", 61781)
+, Tuple.Create(Tuple.Create("", 61708), Tuple.Create("Device_Show_Device_Actions_Decommission_Reason_", 61708), true)
             
-            #line 987 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
-                   , Tuple.Create(Tuple.Create("", 61797), Tuple.Create<System.Object, System.Int32>((int)decommissionReason
+            #line 986 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+                   , Tuple.Create(Tuple.Create("", 61755), Tuple.Create<System.Object, System.Int32>((int)decommissionReason
             
             #line default
             #line hidden
-, 61797), false)
+, 61755), false)
 );
 
 WriteLiteral(">");
 
             
-            #line 987 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 986 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                                                                                            Write(decommissionReason.ReasonMessage());
 
             
@@ -3447,7 +3456,7 @@ WriteLiteral(">");
 WriteLiteral("</label>\r\n                                    </li>\r\n");
 
             
-            #line 989 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 988 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                 }
 
             
@@ -3456,7 +3465,7 @@ WriteLiteral("</label>\r\n                                    </li>\r\n");
 WriteLiteral("                            </ul>\r\n                        </div>\r\n");
 
             
-            #line 992 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 991 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     }
 
             
@@ -3497,7 +3506,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 1020 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1019 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
             }
 
             
@@ -3506,7 +3515,7 @@ WriteLiteral(@">
 WriteLiteral("            ");
 
             
-            #line 1021 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1020 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
              if (Model.Device.CanRecommission())
             {
 
@@ -3534,13 +3543,13 @@ WriteLiteral(" title=\"Recommission this Device?\"");
 WriteLiteral(">\r\n");
 
             
-            #line 1025 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1024 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 1025 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1024 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.Device.Recommission(Model.Device.SerialNumber, true)))
                     {
                         
@@ -3548,14 +3557,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 1027 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1026 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 1027 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1026 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                 
                     }
 
@@ -3602,7 +3611,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 1060 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1059 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
             }
 
             
@@ -3611,7 +3620,7 @@ WriteLiteral(@">
 WriteLiteral("            ");
 
             
-            #line 1061 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1060 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
              if (Model.Device.CanDelete())
             {
 
@@ -3639,13 +3648,13 @@ WriteLiteral(" title=\"Delete this Device?\"");
 WriteLiteral(">\r\n");
 
             
-            #line 1065 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1064 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 1065 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1064 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.Device.Delete(Model.Device.SerialNumber, true)))
                     {
                         
@@ -3653,14 +3662,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 1067 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1066 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 1067 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1066 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
                                                 
                     }
 
@@ -3712,7 +3721,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 1102 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
+            #line 1101 "..\..\Views\Device\DeviceParts\_Subject.cshtml"
             }
 
             
diff --git a/Disco.Web/Views/Device/Show.cshtml b/Disco.Web/Views/Device/Show.cshtml
index e3e5a0b7..d558e38e 100644
--- a/Disco.Web/Views/Device/Show.cshtml
+++ b/Disco.Web/Views/Device/Show.cshtml
@@ -19,17 +19,20 @@
             });
         </script>
     </div>
-    @if (Authorization.Has(Claims.Device.ShowFlagAssignments))
+    @if (Model.Device.DeviceFlagAssignments.CanShowAny())
     {
         <div id="Device_Show_Flags">
             @foreach (var flag in Model.Device.DeviceFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, DeviceFlagService.GetDeviceFlag(f.DeviceFlagId))))
             {
-                <i class="flag fa fa-@(flag.Item2.Icon) fa-fw fa-lg d-@(flag.Item2.IconColour)">
-                    <span class="details">
-                        <span class="name">@flag.Item2.Name</span>@if (flag.Item1.Comments != null)
-                        {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUser)</span>
-                    </span>
-                </i>
+                if (flag.Item2.permission.CanShow())
+                {
+                    <i class="flag fa fa-@(flag.Item2.flag.Icon) fa-fw fa-lg d-@(flag.Item2.flag.IconColour)">
+                        <span class="details">
+                            <span class="name">@flag.Item2.flag.Name</span>@if (flag.Item1.Comments != null)
+                            {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUser)</span>
+                        </span>
+                    </i>
+                }
             }
         </div>
         <script type="text/javascript">
@@ -116,7 +119,7 @@
         {
             @Html.Partial(MVC.Device.Views.DeviceParts._Resources, Model)
         }
-        @if (Authorization.Has(Claims.Device.ShowFlagAssignments))
+        @if (Authorization.Has(Claims.Device.ShowFlagAssignments) || Model.Device.DeviceFlagAssignments.CanShowAny())
         {
             @Html.Partial(MVC.Device.Views.DeviceParts._Flags, Model)
         }
diff --git a/Disco.Web/Views/Device/Show.generated.cs b/Disco.Web/Views/Device/Show.generated.cs
index 940ce4bc..eea311e0 100644
--- a/Disco.Web/Views/Device/Show.generated.cs
+++ b/Disco.Web/Views/Device/Show.generated.cs
@@ -122,7 +122,7 @@ WriteLiteral(">\r\n            $(function () {\r\n                $(\'#Device_Sh
             #line hidden
             
             #line 22 "..\..\Views\Device\Show.cshtml"
-     if (Authorization.Has(Claims.Device.ShowFlagAssignments))
+     if (Model.Device.DeviceFlagAssignments.CanShowAny())
     {
 
             
@@ -144,48 +144,50 @@ WriteLiteral(">\r\n");
             #line 25 "..\..\Views\Device\Show.cshtml"
              foreach (var flag in Model.Device.DeviceFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, DeviceFlagService.GetDeviceFlag(f.DeviceFlagId))))
             {
+                if (flag.Item2.permission.CanShow())
+                {
 
             
             #line default
             #line hidden
-WriteLiteral("                <i");
+WriteLiteral("                    <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 1178), Tuple.Create("\"", 1254)
-, Tuple.Create(Tuple.Create("", 1186), Tuple.Create("flag", 1186), true)
-, Tuple.Create(Tuple.Create(" ", 1190), Tuple.Create("fa", 1191), true)
-, Tuple.Create(Tuple.Create(" ", 1193), Tuple.Create("fa-", 1194), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 1250), Tuple.Create("\"", 1336)
+, Tuple.Create(Tuple.Create("", 1258), Tuple.Create("flag", 1258), true)
+, Tuple.Create(Tuple.Create(" ", 1262), Tuple.Create("fa", 1263), true)
+, Tuple.Create(Tuple.Create(" ", 1265), Tuple.Create("fa-", 1266), true)
             
-            #line 27 "..\..\Views\Device\Show.cshtml"
-, Tuple.Create(Tuple.Create("", 1197), Tuple.Create<System.Object, System.Int32>(flag.Item2.Icon
+            #line 29 "..\..\Views\Device\Show.cshtml"
+, Tuple.Create(Tuple.Create("", 1269), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.Icon
             
             #line default
             #line hidden
-, 1197), false)
-, Tuple.Create(Tuple.Create(" ", 1215), Tuple.Create("fa-fw", 1216), true)
-, Tuple.Create(Tuple.Create(" ", 1221), Tuple.Create("fa-lg", 1222), true)
-, Tuple.Create(Tuple.Create(" ", 1227), Tuple.Create("d-", 1228), true)
+, 1269), false)
+, Tuple.Create(Tuple.Create(" ", 1292), Tuple.Create("fa-fw", 1293), true)
+, Tuple.Create(Tuple.Create(" ", 1298), Tuple.Create("fa-lg", 1299), true)
+, Tuple.Create(Tuple.Create(" ", 1304), Tuple.Create("d-", 1305), true)
             
-            #line 27 "..\..\Views\Device\Show.cshtml"
-, Tuple.Create(Tuple.Create("", 1230), Tuple.Create<System.Object, System.Int32>(flag.Item2.IconColour
+            #line 29 "..\..\Views\Device\Show.cshtml"
+, Tuple.Create(Tuple.Create("", 1307), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.IconColour
             
             #line default
             #line hidden
-, 1230), false)
+, 1307), false)
 );
 
-WriteLiteral(">\r\n                    <span");
+WriteLiteral(">\r\n                        <span");
 
 WriteLiteral(" class=\"details\"");
 
-WriteLiteral(">\r\n                        <span");
+WriteLiteral(">\r\n                            <span");
 
 WriteLiteral(" class=\"name\"");
 
 WriteLiteral(">");
 
             
-            #line 29 "..\..\Views\Device\Show.cshtml"
-                                      Write(flag.Item2.Name);
+            #line 31 "..\..\Views\Device\Show.cshtml"
+                                          Write(flag.Item2.flag.Name);
 
             
             #line default
@@ -193,9 +195,9 @@ WriteLiteral(">");
 WriteLiteral("</span>");
 
             
-            #line 29 "..\..\Views\Device\Show.cshtml"
-                                                                   if (flag.Item1.Comments != null)
-                        {
+            #line 31 "..\..\Views\Device\Show.cshtml"
+                                                                            if (flag.Item1.Comments != null)
+                            {
             
             #line default
             #line hidden
@@ -206,8 +208,8 @@ WriteLiteral(" class=\"comments\"");
 WriteLiteral(">");
 
             
-            #line 30 "..\..\Views\Device\Show.cshtml"
-                                           Write(flag.Item1.Comments.ToHtmlComment());
+            #line 32 "..\..\Views\Device\Show.cshtml"
+                                               Write(flag.Item1.Comments.ToHtmlComment());
 
             
             #line default
@@ -215,8 +217,8 @@ WriteLiteral(">");
 WriteLiteral("</span>");
 
             
-            #line 30 "..\..\Views\Device\Show.cshtml"
-                                                                                           }
+            #line 32 "..\..\Views\Device\Show.cshtml"
+                                                                                               }
             
             #line default
             #line hidden
@@ -227,16 +229,17 @@ WriteLiteral(" class=\"added\"");
 WriteLiteral(">");
 
             
-            #line 30 "..\..\Views\Device\Show.cshtml"
-                                                                                                           Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUser));
+            #line 32 "..\..\Views\Device\Show.cshtml"
+                                                                                                               Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUser));
 
             
             #line default
             #line hidden
-WriteLiteral("</span>\r\n                    </span>\r\n                </i>\r\n");
+WriteLiteral("</span>\r\n                        </span>\r\n                    </i>\r\n");
 
             
-            #line 33 "..\..\Views\Device\Show.cshtml"
+            #line 35 "..\..\Views\Device\Show.cshtml"
+                }
             }
 
             
@@ -282,7 +285,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 66 "..\..\Views\Device\Show.cshtml"
+            #line 69 "..\..\Views\Device\Show.cshtml"
     }
 
             
@@ -291,7 +294,7 @@ WriteLiteral(@">
 WriteLiteral("    ");
 
             
-            #line 67 "..\..\Views\Device\Show.cshtml"
+            #line 70 "..\..\Views\Device\Show.cshtml"
 Write(Html.Partial(MVC.Device.Views.DeviceParts._Subject, Model));
 
             
@@ -332,13 +335,13 @@ WriteLiteral(" id=\"DeviceDetailTabItems\"");
 WriteLiteral("></ul>\r\n");
 
             
-            #line 103 "..\..\Views\Device\Show.cshtml"
+            #line 106 "..\..\Views\Device\Show.cshtml"
         
             
             #line default
             #line hidden
             
-            #line 103 "..\..\Views\Device\Show.cshtml"
+            #line 106 "..\..\Views\Device\Show.cshtml"
          if (Authorization.HasAny(Claims.Device.ShowComments, Claims.Device.ShowJobs))
         {
             
@@ -346,14 +349,14 @@ WriteLiteral("></ul>\r\n");
             #line default
             #line hidden
             
-            #line 105 "..\..\Views\Device\Show.cshtml"
+            #line 108 "..\..\Views\Device\Show.cshtml"
        Write(Html.Partial(MVC.Device.Views.DeviceParts._CommentsAndJobs, Model));
 
             
             #line default
             #line hidden
             
-            #line 105 "..\..\Views\Device\Show.cshtml"
+            #line 108 "..\..\Views\Device\Show.cshtml"
                                                                                
         }
 
@@ -363,7 +366,7 @@ WriteLiteral("></ul>\r\n");
 WriteLiteral("        ");
 
             
-            #line 107 "..\..\Views\Device\Show.cshtml"
+            #line 110 "..\..\Views\Device\Show.cshtml"
          if (Authorization.Has(Claims.Device.ShowDetails))
         {
             
@@ -371,14 +374,14 @@ WriteLiteral("        ");
             #line default
             #line hidden
             
-            #line 109 "..\..\Views\Device\Show.cshtml"
+            #line 112 "..\..\Views\Device\Show.cshtml"
        Write(Html.Partial(MVC.Device.Views.DeviceParts._Details, Model));
 
             
             #line default
             #line hidden
             
-            #line 109 "..\..\Views\Device\Show.cshtml"
+            #line 112 "..\..\Views\Device\Show.cshtml"
                                                                        
         }
 
@@ -388,7 +391,7 @@ WriteLiteral("        ");
 WriteLiteral("        ");
 
             
-            #line 111 "..\..\Views\Device\Show.cshtml"
+            #line 114 "..\..\Views\Device\Show.cshtml"
          if (Authorization.Has(Claims.Device.ShowAssignmentHistory))
         {
             
@@ -396,14 +399,14 @@ WriteLiteral("        ");
             #line default
             #line hidden
             
-            #line 113 "..\..\Views\Device\Show.cshtml"
+            #line 116 "..\..\Views\Device\Show.cshtml"
        Write(Html.Partial(MVC.Device.Views.DeviceParts._AssignmentHistory, Model));
 
             
             #line default
             #line hidden
             
-            #line 113 "..\..\Views\Device\Show.cshtml"
+            #line 116 "..\..\Views\Device\Show.cshtml"
                                                                                  
         }
 
@@ -413,7 +416,7 @@ WriteLiteral("        ");
 WriteLiteral("        ");
 
             
-            #line 115 "..\..\Views\Device\Show.cshtml"
+            #line 118 "..\..\Views\Device\Show.cshtml"
          if (Authorization.Has(Claims.Device.ShowAttachments))
         {
             
@@ -421,14 +424,14 @@ WriteLiteral("        ");
             #line default
             #line hidden
             
-            #line 117 "..\..\Views\Device\Show.cshtml"
+            #line 120 "..\..\Views\Device\Show.cshtml"
        Write(Html.Partial(MVC.Device.Views.DeviceParts._Resources, Model));
 
             
             #line default
             #line hidden
             
-            #line 117 "..\..\Views\Device\Show.cshtml"
+            #line 120 "..\..\Views\Device\Show.cshtml"
                                                                          
         }
 
@@ -438,22 +441,22 @@ WriteLiteral("        ");
 WriteLiteral("        ");
 
             
-            #line 119 "..\..\Views\Device\Show.cshtml"
-         if (Authorization.Has(Claims.Device.ShowFlagAssignments))
+            #line 122 "..\..\Views\Device\Show.cshtml"
+         if (Authorization.Has(Claims.Device.ShowFlagAssignments) || Model.Device.DeviceFlagAssignments.CanShowAny())
         {
             
             
             #line default
             #line hidden
             
-            #line 121 "..\..\Views\Device\Show.cshtml"
+            #line 124 "..\..\Views\Device\Show.cshtml"
        Write(Html.Partial(MVC.Device.Views.DeviceParts._Flags, Model));
 
             
             #line default
             #line hidden
             
-            #line 121 "..\..\Views\Device\Show.cshtml"
+            #line 124 "..\..\Views\Device\Show.cshtml"
                                                                      
         }
 
@@ -463,7 +466,7 @@ WriteLiteral("        ");
 WriteLiteral("        ");
 
             
-            #line 123 "..\..\Views\Device\Show.cshtml"
+            #line 126 "..\..\Views\Device\Show.cshtml"
          if (Authorization.Has(Claims.Device.ShowCertificates))
         {
             
@@ -471,14 +474,14 @@ WriteLiteral("        ");
             #line default
             #line hidden
             
-            #line 125 "..\..\Views\Device\Show.cshtml"
+            #line 128 "..\..\Views\Device\Show.cshtml"
        Write(Html.Partial(MVC.Device.Views.DeviceParts._Certificates, Model));
 
             
             #line default
             #line hidden
             
-            #line 125 "..\..\Views\Device\Show.cshtml"
+            #line 128 "..\..\Views\Device\Show.cshtml"
                                                                             
         }
 
@@ -488,13 +491,13 @@ WriteLiteral("        ");
 WriteLiteral("    </div>\r\n");
 
             
-            #line 128 "..\..\Views\Device\Show.cshtml"
+            #line 131 "..\..\Views\Device\Show.cshtml"
     
             
             #line default
             #line hidden
             
-            #line 128 "..\..\Views\Device\Show.cshtml"
+            #line 131 "..\..\Views\Device\Show.cshtml"
      if (requiresLive)
     {
 
@@ -550,7 +553,7 @@ WriteLiteral("        <script>\r\n            $(function () {\r\n
 "     </script>\r\n");
 
             
-            #line 197 "..\..\Views\Device\Show.cshtml"
+            #line 200 "..\..\Views\Device\Show.cshtml"
     }
 
             
diff --git a/Disco.Web/Views/Device/_DeviceTable.cshtml b/Disco.Web/Views/Device/_DeviceTable.cshtml
index e3794a1e..d1684f7a 100644
--- a/Disco.Web/Views/Device/_DeviceTable.cshtml
+++ b/Disco.Web/Views/Device/_DeviceTable.cshtml
@@ -32,22 +32,22 @@
                             {@Html.ActionLink(item.Id, MVC.Device.Show(item.Id))}
                         else
                         {@item.Id}
-                            @if (Authorization.Has(Claims.Device.ShowFlagAssignments))
+                            @if (item.DeviceFlagAssignments.CanShowAny())
                             {
-                                @if (item.DeviceFlagAssignments != null && item.DeviceFlagAssignments.Count > 0)
-                                {
-                                    <div class="flags">
-                                        @foreach (var flag in item.DeviceFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, DeviceFlagService.GetDeviceFlag(f.DeviceFlagId))))
+                                <div class="flags">
+                                    @foreach (var flag in item.DeviceFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, DeviceFlagService.GetDeviceFlag(f.DeviceFlagId))))
+                                    {
+                                        @if (flag.Item2.permission.CanShow())
                                         {
-                                            <i class="flag fa fa-@(flag.Item2.Icon) fa-fw d-@(flag.Item2.IconColour)">
+                                            <i class="flag fa fa-@(flag.Item2.flag.Icon) fa-fw d-@(flag.Item2.flag.IconColour)">
                                                 <span class="details">
-                                                    <span class="name">@flag.Item2.Name</span>@if (flag.Item1.Comments != null)
+                                                    <span class="name">@flag.Item2.flag.Name</span>@if (flag.Item1.Comments != null)
                                                     {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId)</span>
                                                 </span>
                                             </i>
                                         }
-                                    </div>
-                                }
+                                    }
+                                </div>
                             }
                         </td>
                         <td>
@@ -117,43 +117,43 @@
             </tbody>
         </table>
         <script type="text/javascript">
-    $(function () {
-        var userTable = $('table.deviceTable');
+            $(function () {
+                var userTable = $('table.deviceTable');
 
-        userTable.each(function () {
-            var $this = $(this);
+                userTable.each(function () {
+                    var $this = $(this);
 
-            if (!$this.data('deviceTable_Flags')) {
-                $this.tooltip({
-                    items: 'i.flag',
-                    content: function () {
-                        var $this = $(this);
-                        return $this.children('.details').html();
-                    },
-                    tooltipClass: 'FlagAssignment_Tooltip',
-                    position: {
-                        my: "right top",
-                        at: "right bottom",
-                        collision: "flipfit flip"
-                    },
-                    hade: {
-                        effect: ''
-                    },
-                    close: function (e, ui) {
-                        ui.tooltip.hover(
-                            function () {
-                                $(this).stop(true).fadeTo(100, 1);
+                    if (!$this.data('deviceTable_Flags')) {
+                        $this.tooltip({
+                            items: 'i.flag',
+                            content: function () {
+                                var $this = $(this);
+                                return $this.children('.details').html();
                             },
-                            function () {
-                                $(this).fadeOut(100, function () { $(this).remove(); });
-                            });
+                            tooltipClass: 'FlagAssignment_Tooltip',
+                            position: {
+                                my: "right top",
+                                at: "right bottom",
+                                collision: "flipfit flip"
+                            },
+                            hade: {
+                                effect: ''
+                            },
+                            close: function (e, ui) {
+                                ui.tooltip.hover(
+                                    function () {
+                                        $(this).stop(true).fadeTo(100, 1);
+                                    },
+                                    function () {
+                                        $(this).fadeOut(100, function () { $(this).remove(); });
+                                    });
+                            }
+                        });
+
+                        $this.data('deviceTable_Flags', true)
                     }
                 });
-
-                $this.data('deviceTable_Flags', true)
-            }
-        });
-    });
+            });
         </script>
     }
     else
diff --git a/Disco.Web/Views/Device/_DeviceTable.generated.cs b/Disco.Web/Views/Device/_DeviceTable.generated.cs
index 887a5171..a8edfe66 100644
--- a/Disco.Web/Views/Device/_DeviceTable.generated.cs
+++ b/Disco.Web/Views/Device/_DeviceTable.generated.cs
@@ -175,35 +175,35 @@ WriteLiteral("                            ");
 
             
             #line 35 "..\..\Views\Device\_DeviceTable.cshtml"
-                             if (Authorization.Has(Claims.Device.ShowFlagAssignments))
+                             if (item.DeviceFlagAssignments.CanShowAny())
                             {
-                                
-            
-            #line default
-            #line hidden
-            
-            #line 37 "..\..\Views\Device\_DeviceTable.cshtml"
-                                 if (item.DeviceFlagAssignments != null && item.DeviceFlagAssignments.Count > 0)
-                                {
 
             
             #line default
             #line hidden
-WriteLiteral("                                    <div");
+WriteLiteral("                                <div");
 
 WriteLiteral(" class=\"flags\"");
 
 WriteLiteral(">\r\n");
 
             
-            #line 40 "..\..\Views\Device\_DeviceTable.cshtml"
+            #line 38 "..\..\Views\Device\_DeviceTable.cshtml"
+                                    
+            
+            #line default
+            #line hidden
+            
+            #line 38 "..\..\Views\Device\_DeviceTable.cshtml"
+                                     foreach (var flag in item.DeviceFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, DeviceFlagService.GetDeviceFlag(f.DeviceFlagId))))
+                                    {
                                         
             
             #line default
             #line hidden
             
             #line 40 "..\..\Views\Device\_DeviceTable.cshtml"
-                                         foreach (var flag in item.DeviceFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, DeviceFlagService.GetDeviceFlag(f.DeviceFlagId))))
+                                         if (flag.Item2.permission.CanShow())
                                         {
 
             
@@ -211,26 +211,26 @@ WriteLiteral(">\r\n");
             #line hidden
 WriteLiteral("                                            <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 1953), Tuple.Create("\"", 2023)
-, Tuple.Create(Tuple.Create("", 1961), Tuple.Create("flag", 1961), true)
-, Tuple.Create(Tuple.Create(" ", 1965), Tuple.Create("fa", 1966), true)
-, Tuple.Create(Tuple.Create(" ", 1968), Tuple.Create("fa-", 1969), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 1901), Tuple.Create("\"", 1981)
+, Tuple.Create(Tuple.Create("", 1909), Tuple.Create("flag", 1909), true)
+, Tuple.Create(Tuple.Create(" ", 1913), Tuple.Create("fa", 1914), true)
+, Tuple.Create(Tuple.Create(" ", 1916), Tuple.Create("fa-", 1917), true)
             
             #line 42 "..\..\Views\Device\_DeviceTable.cshtml"
-, Tuple.Create(Tuple.Create("", 1972), Tuple.Create<System.Object, System.Int32>(flag.Item2.Icon
+, Tuple.Create(Tuple.Create("", 1920), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.Icon
             
             #line default
             #line hidden
-, 1972), false)
-, Tuple.Create(Tuple.Create(" ", 1990), Tuple.Create("fa-fw", 1991), true)
-, Tuple.Create(Tuple.Create(" ", 1996), Tuple.Create("d-", 1997), true)
+, 1920), false)
+, Tuple.Create(Tuple.Create(" ", 1943), Tuple.Create("fa-fw", 1944), true)
+, Tuple.Create(Tuple.Create(" ", 1949), Tuple.Create("d-", 1950), true)
             
             #line 42 "..\..\Views\Device\_DeviceTable.cshtml"
-             , Tuple.Create(Tuple.Create("", 1999), Tuple.Create<System.Object, System.Int32>(flag.Item2.IconColour
+                  , Tuple.Create(Tuple.Create("", 1952), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.IconColour
             
             #line default
             #line hidden
-, 1999), false)
+, 1952), false)
 );
 
 WriteLiteral(">\r\n                                                <span");
@@ -245,7 +245,7 @@ WriteLiteral(">");
 
             
             #line 44 "..\..\Views\Device\_DeviceTable.cshtml"
-                                                                  Write(flag.Item2.Name);
+                                                                  Write(flag.Item2.flag.Name);
 
             
             #line default
@@ -254,7 +254,7 @@ WriteLiteral("</span>");
 
             
             #line 44 "..\..\Views\Device\_DeviceTable.cshtml"
-                                                                                               if (flag.Item1.Comments != null)
+                                                                                                    if (flag.Item1.Comments != null)
                                                     {
             
             #line default
@@ -302,17 +302,18 @@ WriteLiteral("</span>\r\n                                                </span>
             
             #line default
             #line hidden
-WriteLiteral("\r\n                                    </div>\r\n");
-
             
-            #line 50 "..\..\Views\Device\_DeviceTable.cshtml"
-                                }
+            #line 48 "..\..\Views\Device\_DeviceTable.cshtml"
+                                         
+                                    }
+
             
             #line default
             #line hidden
+WriteLiteral("                                </div>\r\n");
+
             
-            #line 50 "..\..\Views\Device\_DeviceTable.cshtml"
-                                 
+            #line 51 "..\..\Views\Device\_DeviceTable.cshtml"
                             }
 
             
@@ -627,46 +628,27 @@ WriteLiteral("        <script");
 
 WriteLiteral(" type=\"text/javascript\"");
 
-WriteLiteral(@">
-    $(function () {
-        var userTable = $('table.deviceTable');
-
-        userTable.each(function () {
-            var $this = $(this);
-
-            if (!$this.data('deviceTable_Flags')) {
-                $this.tooltip({
-                    items: 'i.flag',
-                    content: function () {
-                        var $this = $(this);
-                        return $this.children('.details').html();
-                    },
-                    tooltipClass: 'FlagAssignment_Tooltip',
-                    position: {
-                        my: ""right top"",
-                        at: ""right bottom"",
-                        collision: ""flipfit flip""
-                    },
-                    hade: {
-                        effect: ''
-                    },
-                    close: function (e, ui) {
-                        ui.tooltip.hover(
-                            function () {
-                                $(this).stop(true).fadeTo(100, 1);
-                            },
-                            function () {
-                                $(this).fadeOut(100, function () { $(this).remove(); });
-                            });
-                    }
-                });
-
-                $this.data('deviceTable_Flags', true)
-            }
-        });
-    });
-        </script>
-");
+WriteLiteral(">\r\n            $(function () {\r\n                var userTable = $(\'table.deviceTa" +
+"ble\');\r\n\r\n                userTable.each(function () {\r\n                    var " +
+"$this = $(this);\r\n\r\n                    if (!$this.data(\'deviceTable_Flags\')) {\r" +
+"\n                        $this.tooltip({\r\n                            items: \'i." +
+"flag\',\r\n                            content: function () {\r\n                    " +
+"            var $this = $(this);\r\n                                return $this.c" +
+"hildren(\'.details\').html();\r\n                            },\r\n                   " +
+"         tooltipClass: \'FlagAssignment_Tooltip\',\r\n                            po" +
+"sition: {\r\n                                my: \"right top\",\r\n                   " +
+"             at: \"right bottom\",\r\n                                collision: \"fl" +
+"ipfit flip\"\r\n                            },\r\n                            hade: {" +
+"\r\n                                effect: \'\'\r\n                            },\r\n  " +
+"                          close: function (e, ui) {\r\n                           " +
+"     ui.tooltip.hover(\r\n                                    function () {\r\n     " +
+"                                   $(this).stop(true).fadeTo(100, 1);\r\n         " +
+"                           },\r\n                                    function () {" +
+"\r\n                                        $(this).fadeOut(100, function () { $(t" +
+"his).remove(); });\r\n                                    });\r\n                   " +
+"         }\r\n                        });\r\n\r\n                        $this.data(\'d" +
+"eviceTable_Flags\', true)\r\n                    }\r\n                });\r\n          " +
+"  });\r\n        </script>\r\n");
 
             
             #line 158 "..\..\Views\Device\_DeviceTable.cshtml"
diff --git a/Disco.Web/Views/Job/JobParts/_Subject.cshtml b/Disco.Web/Views/Job/JobParts/_Subject.cshtml
index ff08d913..d641a126 100644
--- a/Disco.Web/Views/Job/JobParts/_Subject.cshtml
+++ b/Disco.Web/Views/Job/JobParts/_Subject.cshtml
@@ -256,19 +256,20 @@
                                     </div>
                                 }
                             }
-                            @if (Authorization.Has(Claims.Device.ShowFlagAssignments) &&
-                                Model.Job.Device.DeviceFlagAssignments != null &&
-                                Model.Job.Device.DeviceFlagAssignments.Any(a => !a.RemovedDate.HasValue))
+                            @if (Model.Job.Device.DeviceFlagAssignments.CanShowAny())
                             {
                                 <div id="Job_Show_Device_Flags">
                                     @foreach (var flag in Model.Job.Device.DeviceFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, DeviceFlagService.GetDeviceFlag(f.DeviceFlagId))))
                                     {
-                                        <i class="flag fa fa-@(flag.Item2.Icon) fa-fw d-@(flag.Item2.IconColour)">
-                                            <span class="details">
-                                                <span class="name">@flag.Item2.Name</span>@if (flag.Item1.Comments != null)
-                                                {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId)</span>
-                                            </span>
-                                        </i>
+                                        if (flag.Item2.permission.CanShow())
+                                        {
+                                            <i class="flag fa fa-@(flag.Item2.flag.Icon) fa-fw d-@(flag.Item2.flag.IconColour)">
+                                                <span class="details">
+                                                    <span class="name">@flag.Item2.flag.Name</span>@if (flag.Item1.Comments != null)
+                                                    {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId)</span>
+                                                </span>
+                                            </i>
+                                        }
                                     }
                                     <script type="text/javascript">
                                         $(function () {
@@ -506,17 +507,20 @@
                     if (!string.IsNullOrWhiteSpace(Model.Job.User.EmailAddress))
                     {<div id="Job_Show_User_EmailAddress" title="Email Address">Email: <a href="mailto:@(Model.Job.User.EmailAddress)" data-clipboard="@Model.Job.User.DisplayName &lt;@Model.Job.User.EmailAddress&gt;">@Model.Job.User.EmailAddress</a></div>}
             }
-                    @if (Authorization.Has(Claims.User.ShowFlagAssignments))
+                    @if (Model.Job.User.UserFlagAssignments.CanShowAny())
                     {
                         <div id="Job_Show_User_Flags">
                             @foreach (var flag in Model.Job.User.UserFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, UserFlagService.GetUserFlag(f.UserFlagId))))
                             {
-                                <i class="flag fa fa-@(flag.Item2.Icon) fa-fw d-@(flag.Item2.IconColour)">
-                                    <span class="details">
-                                        <span class="name">@flag.Item2.Name</span>@if (flag.Item1.Comments != null)
-                                        {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId)</span>
-                                    </span>
-                                </i>
+                                if (flag.Item2.permission.CanShow())
+                                {
+                                    <i class="flag fa fa-@(flag.Item2.flag.Icon) fa-fw d-@(flag.Item2.flag.IconColour)">
+                                        <span class="details">
+                                            <span class="name">@flag.Item2.flag.Name</span>@if (flag.Item1.Comments != null)
+                                            {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId)</span>
+                                        </span>
+                                    </i>
+                                }
                             }
                             <script type="text/javascript">
                                 $(function () {
diff --git a/Disco.Web/Views/Job/JobParts/_Subject.generated.cs b/Disco.Web/Views/Job/JobParts/_Subject.generated.cs
index c55a2cba..c7fcc672 100644
--- a/Disco.Web/Views/Job/JobParts/_Subject.generated.cs
+++ b/Disco.Web/Views/Job/JobParts/_Subject.generated.cs
@@ -1108,9 +1108,7 @@ WriteLiteral("                            ");
 
             
             #line 259 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                             if (Authorization.Has(Claims.Device.ShowFlagAssignments) &&
-                                Model.Job.Device.DeviceFlagAssignments != null &&
-                                Model.Job.Device.DeviceFlagAssignments.Any(a => !a.RemovedDate.HasValue))
+                             if (Model.Job.Device.DeviceFlagAssignments.CanShowAny())
                             {
 
             
@@ -1123,48 +1121,50 @@ WriteLiteral(" id=\"Job_Show_Device_Flags\"");
 WriteLiteral(">\r\n");
 
             
-            #line 264 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 262 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                     
             
             #line default
             #line hidden
             
-            #line 264 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 262 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                      foreach (var flag in Model.Job.Device.DeviceFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, DeviceFlagService.GetDeviceFlag(f.DeviceFlagId))))
                                     {
+                                        if (flag.Item2.permission.CanShow())
+                                        {
 
             
             #line default
             #line hidden
-WriteLiteral("                                        <i");
+WriteLiteral("                                            <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 18293), Tuple.Create("\"", 18363)
-, Tuple.Create(Tuple.Create("", 18301), Tuple.Create("flag", 18301), true)
-, Tuple.Create(Tuple.Create(" ", 18305), Tuple.Create("fa", 18306), true)
-, Tuple.Create(Tuple.Create(" ", 18308), Tuple.Create("fa-", 18309), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 18225), Tuple.Create("\"", 18305)
+, Tuple.Create(Tuple.Create("", 18233), Tuple.Create("flag", 18233), true)
+, Tuple.Create(Tuple.Create(" ", 18237), Tuple.Create("fa", 18238), true)
+, Tuple.Create(Tuple.Create(" ", 18240), Tuple.Create("fa-", 18241), true)
             
             #line 266 "..\..\Views\Job\JobParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 18312), Tuple.Create<System.Object, System.Int32>(flag.Item2.Icon
+, Tuple.Create(Tuple.Create("", 18244), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.Icon
             
             #line default
             #line hidden
-, 18312), false)
-, Tuple.Create(Tuple.Create(" ", 18330), Tuple.Create("fa-fw", 18331), true)
-, Tuple.Create(Tuple.Create(" ", 18336), Tuple.Create("d-", 18337), true)
+, 18244), false)
+, Tuple.Create(Tuple.Create(" ", 18267), Tuple.Create("fa-fw", 18268), true)
+, Tuple.Create(Tuple.Create(" ", 18273), Tuple.Create("d-", 18274), true)
             
             #line 266 "..\..\Views\Job\JobParts\_Subject.cshtml"
-        , Tuple.Create(Tuple.Create("", 18339), Tuple.Create<System.Object, System.Int32>(flag.Item2.IconColour
+                 , Tuple.Create(Tuple.Create("", 18276), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.IconColour
             
             #line default
             #line hidden
-, 18339), false)
+, 18276), false)
 );
 
-WriteLiteral(">\r\n                                            <span");
+WriteLiteral(">\r\n                                                <span");
 
 WriteLiteral(" class=\"details\"");
 
-WriteLiteral(">\r\n                                                <span");
+WriteLiteral(">\r\n                                                    <span");
 
 WriteLiteral(" class=\"name\"");
 
@@ -1172,7 +1172,7 @@ WriteLiteral(">");
 
             
             #line 268 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                              Write(flag.Item2.Name);
+                                                                  Write(flag.Item2.flag.Name);
 
             
             #line default
@@ -1181,8 +1181,8 @@ WriteLiteral("</span>");
 
             
             #line 268 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                                           if (flag.Item1.Comments != null)
-                                                {
+                                                                                                    if (flag.Item1.Comments != null)
+                                                    {
             
             #line default
             #line hidden
@@ -1194,7 +1194,7 @@ WriteLiteral(">");
 
             
             #line 269 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                   Write(flag.Item1.Comments.ToHtmlComment());
+                                                                       Write(flag.Item1.Comments.ToHtmlComment());
 
             
             #line default
@@ -1203,7 +1203,7 @@ WriteLiteral("</span>");
 
             
             #line 269 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                                                                   }
+                                                                                                                       }
             
             #line default
             #line hidden
@@ -1215,16 +1215,17 @@ WriteLiteral(">");
 
             
             #line 269 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                                                                                   Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId));
+                                                                                                                                       Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId));
 
             
             #line default
             #line hidden
-WriteLiteral("</span>\r\n                                            </span>\r\n                   " +
-"                     </i>\r\n");
+WriteLiteral("</span>\r\n                                                </span>\r\n               " +
+"                             </i>\r\n");
 
             
             #line 272 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                        }
                                     }
 
             
@@ -1263,7 +1264,7 @@ WriteLiteral(">\r\n                                        $(function () {\r\n
 "           </div>\r\n");
 
             
-            #line 304 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 305 "..\..\Views\Job\JobParts\_Subject.cshtml"
                             }
 
             
@@ -1272,13 +1273,13 @@ WriteLiteral(">\r\n                                        $(function () {\r\n
 WriteLiteral("                        </div>\r\n                    </div>\r\n");
 
             
-            #line 307 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 308 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 307 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 308 "..\..\Views\Job\JobParts\_Subject.cshtml"
                      if (Model.Job.DeviceHeld.HasValue)
                     {
                         var canEditLocation = Authorization.Has(Claims.Job.Properties.DeviceHeldLocation);
@@ -1305,7 +1306,7 @@ WriteLiteral(" id=\"Job_Show_Device_DeviceHeld_Location\"");
 WriteLiteral(" data-locationsurl=\"");
 
             
-            #line 315 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 316 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                      Write(Url.Action(MVC.API.Job.DeviceHeldLocations()));
 
             
@@ -1316,7 +1317,7 @@ WriteLiteral("\"");
 WriteLiteral(" data-updateurl=\"");
 
             
-            #line 315 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 316 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                                                      Write(Url.Action(MVC.API.Job.UpdateDeviceHeldLocation(Model.Job.Id, null)));
 
             
@@ -1327,13 +1328,13 @@ WriteLiteral("\"");
 WriteLiteral(">\r\n");
 
             
-            #line 316 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 317 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                             
             
             #line default
             #line hidden
             
-            #line 316 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 317 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                              if (canEditLocation)
                                             {
                                                 switch (Model.LocationMode)
@@ -1345,14 +1346,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 322 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 323 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                    Write(Html.TextBoxFor(m => m.Job.DeviceHeldLocation, new { @class = "small discreet" }));
 
             
             #line default
             #line hidden
             
-            #line 322 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 323 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                           
                                                         break;
                                                     case LocationModes.RestrictedList:
@@ -1367,14 +1368,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 331 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 332 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                    Write(Html.DropDownListFor(m => m.Job.DeviceHeldLocation, listOptions, new { @class = "small discreet" }));
 
             
             #line default
             #line hidden
             
-            #line 331 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 332 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                                             ;
                                                         break;
                                                 }
@@ -1383,27 +1384,27 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 334 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 335 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                            Write(AjaxHelpers.AjaxSave());
 
             
             #line default
             #line hidden
             
-            #line 334 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 335 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                         
             
             #line default
             #line hidden
             
-            #line 334 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 335 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                    Write(AjaxHelpers.AjaxLoader());
 
             
             #line default
             #line hidden
             
-            #line 334 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 335 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                  
                                             }
                                             else if (string.IsNullOrEmpty(Model.Job.DeviceHeldLocation))
@@ -1419,7 +1420,7 @@ WriteLiteral(" class=\"smallMessage\"");
 WriteLiteral(">&lt;None/Unknown&gt;</span>\r\n");
 
             
-            #line 339 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 340 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                             }
                                             else
                                             {
@@ -1428,14 +1429,14 @@ WriteLiteral(">&lt;None/Unknown&gt;</span>\r\n");
             #line default
             #line hidden
             
-            #line 342 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 343 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                            Write(Model.Job.DeviceHeldLocation);
 
             
             #line default
             #line hidden
             
-            #line 342 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 343 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                              
                                             }
 
@@ -1454,7 +1455,7 @@ WriteLiteral(" id=\"Job_Show_Device_DeviceHeld_DeviceHeld\"");
 WriteLiteral(">");
 
             
-            #line 349 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 350 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                     Write(CommonHelpers.FriendlyDateAndTitleUser(Model.Job.DeviceHeld, Model.Job.DeviceHeldTechUser));
 
             
@@ -1463,13 +1464,13 @@ WriteLiteral(">");
 WriteLiteral("</span></td>\r\n                                </tr>\r\n");
 
             
-            #line 351 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 352 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                 
             
             #line default
             #line hidden
             
-            #line 351 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 352 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                  if (Model.Job.DeviceReadyForReturn.HasValue)
                                 {
 
@@ -1484,7 +1485,7 @@ WriteLiteral(" id=\"Job_Show_Device_DeviceHeld_DeviceReadyForReturn\"");
 WriteLiteral(">");
 
             
-            #line 355 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 356 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                   Write(CommonHelpers.FriendlyDateAndTitleUser(Model.Job.DeviceReadyForReturn, Model.Job.DeviceReadyForReturnTechUser));
 
             
@@ -1493,7 +1494,7 @@ WriteLiteral(">");
 WriteLiteral("</span></td>\r\n                                    </tr>\r\n");
 
             
-            #line 357 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 358 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                 }
 
             
@@ -1502,7 +1503,7 @@ WriteLiteral("</span></td>\r\n                                    </tr>\r\n");
 WriteLiteral("                                ");
 
             
-            #line 358 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 359 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                  if (Model.Job.DeviceReturnedDate.HasValue)
                                 {
 
@@ -1517,7 +1518,7 @@ WriteLiteral(" id=\"Job_Show_Device_DeviceHeld_DeviceReturnedDate\"");
 WriteLiteral(">");
 
             
-            #line 362 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 363 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                 Write(CommonHelpers.FriendlyDateAndTitleUser(Model.Job.DeviceReturnedDate, Model.Job.DeviceReturnedTechUser));
 
             
@@ -1526,7 +1527,7 @@ WriteLiteral(">");
 WriteLiteral("</span></td>\r\n                                    </tr>\r\n");
 
             
-            #line 364 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 365 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                 }
 
             
@@ -1535,13 +1536,13 @@ WriteLiteral("</span></td>\r\n                                    </tr>\r\n");
 WriteLiteral("                            </table>\r\n");
 
             
-            #line 366 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 367 "..\..\Views\Job\JobParts\_Subject.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 366 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 367 "..\..\Views\Job\JobParts\_Subject.cshtml"
                              if (canEditLocation)
                             {
 
@@ -1555,13 +1556,13 @@ WriteLiteral(" type=\"text/javascript\"");
 WriteLiteral(">\r\n                                    $(function () {\r\n");
 
             
-            #line 370 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 371 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                         
             
             #line default
             #line hidden
             
-            #line 370 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 371 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                          switch (Model.LocationMode)
                                         {
                                             case LocationModes.Unrestricted:
@@ -1660,7 +1661,7 @@ WriteLiteral("\r\n                                        const $deviceHeldLocat
 WriteLiteral("\r\n");
 
             
-            #line 462 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 463 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                 break;
                                             case LocationModes.RestrictedList:
 
@@ -1676,7 +1677,7 @@ WriteLiteral(@"
                                             '");
 
             
-            #line 468 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 469 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                         Write(Url.Action(MVC.API.Job.UpdateDeviceHeldLocation(Model.Job.Id, null)));
 
             
@@ -1688,7 +1689,7 @@ WriteLiteral("\',\r\n                                            \'DeviceHeldLoc
 WriteLiteral("\r\n");
 
             
-            #line 471 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 472 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                 break;
                                         }
 
@@ -1699,7 +1700,7 @@ WriteLiteral("\r\n\r\n                                    });\r\n
 "ript>\r\n");
 
             
-            #line 477 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 478 "..\..\Views\Job\JobParts\_Subject.cshtml"
                             }
 
             
@@ -1708,7 +1709,7 @@ WriteLiteral("\r\n\r\n                                    });\r\n
 WriteLiteral("                        </div>\r\n");
 
             
-            #line 479 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 480 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     }
 
             
@@ -1717,7 +1718,7 @@ WriteLiteral("                        </div>\r\n");
 WriteLiteral("                </div>\r\n            </td>\r\n");
 
             
-            #line 482 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 483 "..\..\Views\Job\JobParts\_Subject.cshtml"
         }
 
             
@@ -1726,7 +1727,7 @@ WriteLiteral("                </div>\r\n            </td>\r\n");
 WriteLiteral("        ");
 
             
-            #line 483 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 484 "..\..\Views\Job\JobParts\_Subject.cshtml"
          if (Model.Job.User != null)
         {
 
@@ -1740,13 +1741,13 @@ WriteLiteral(" id=\"Job_Show_User\"");
 WriteLiteral(">\r\n                <div>\r\n");
 
             
-            #line 487 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 488 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 487 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 488 "..\..\Views\Job\JobParts\_Subject.cshtml"
                      if (Model.HasUserPhoto)
                     {
 
@@ -1761,20 +1762,20 @@ WriteLiteral(">\r\n                            <img");
 
 WriteLiteral(" id=\"Job_Show_User_Photo\"");
 
-WriteAttribute("src", Tuple.Create(" src=\"", 34639), Tuple.Create("\"", 34694)
+WriteAttribute("src", Tuple.Create(" src=\"", 34649), Tuple.Create("\"", 34704)
             
-            #line 490 "..\..\Views\Job\JobParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 34645), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.User.Photo(Model.Job.UserId))
+            #line 491 "..\..\Views\Job\JobParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 34655), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.User.Photo(Model.Job.UserId))
             
             #line default
             #line hidden
-, 34645), false)
+, 34655), false)
 );
 
 WriteLiteral(" />\r\n                        </div>\r\n");
 
             
-            #line 492 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 493 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     }
 
             
@@ -1789,27 +1790,27 @@ WriteLiteral(" title=\"Display Name\"");
 WriteLiteral(">\r\n                        <span data-clipboard>\r\n");
 
             
-            #line 495 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 496 "..\..\Views\Job\JobParts\_Subject.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 495 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 496 "..\..\Views\Job\JobParts\_Subject.cshtml"
                              if (Authorization.Has(Claims.User.Show))
                             {
             
             #line default
             #line hidden
             
-            #line 496 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 497 "..\..\Views\Job\JobParts\_Subject.cshtml"
                         Write(Html.ActionLink(Model.Job.User.DisplayName, MVC.User.Show(Model.Job.UserId)));
 
             
             #line default
             #line hidden
             
-            #line 496 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 497 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                           }
                         else
                         {
@@ -1817,14 +1818,14 @@ WriteLiteral(">\r\n                        <span data-clipboard>\r\n");
             #line default
             #line hidden
             
-            #line 498 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 499 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     Write(Model.Job.User.DisplayName);
 
             
             #line default
             #line hidden
             
-            #line 498 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 499 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                     }
 
             
@@ -1840,7 +1841,7 @@ WriteLiteral(" title=\"Id\"");
 WriteLiteral("><span data-clipboard>");
 
             
-            #line 501 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 502 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                           Write(Model.Job.User.FriendlyId());
 
             
@@ -1849,13 +1850,13 @@ WriteLiteral("><span data-clipboard>");
 WriteLiteral("</span></div>\r\n");
 
             
-            #line 502 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 503 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 502 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 503 "..\..\Views\Job\JobParts\_Subject.cshtml"
                      if (Authorization.Has(Claims.User.ShowDetails))
                     {
                         if (!string.IsNullOrWhiteSpace(Model.Job.User.PhoneNumber))
@@ -1871,21 +1872,21 @@ WriteLiteral(" title=\"Phone Number\"");
 
 WriteLiteral(">Phone: <a");
 
-WriteAttribute("href", Tuple.Create(" href=\"", 35596), Tuple.Create("\"", 35634)
-, Tuple.Create(Tuple.Create("", 35603), Tuple.Create("tel:", 35603), true)
+WriteAttribute("href", Tuple.Create(" href=\"", 35606), Tuple.Create("\"", 35644)
+, Tuple.Create(Tuple.Create("", 35613), Tuple.Create("tel:", 35613), true)
             
-            #line 505 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                     , Tuple.Create(Tuple.Create("", 35607), Tuple.Create<System.Object, System.Int32>(Model.Job.User.PhoneNumber
+            #line 506 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                     , Tuple.Create(Tuple.Create("", 35617), Tuple.Create<System.Object, System.Int32>(Model.Job.User.PhoneNumber
             
             #line default
             #line hidden
-, 35607), false)
+, 35617), false)
 );
 
 WriteLiteral(" data-clipboard>");
 
             
-            #line 505 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 506 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                              Write(Model.Job.User.PhoneNumber);
 
             
@@ -1894,7 +1895,7 @@ WriteLiteral(" data-clipboard>");
 WriteLiteral("</a></div>");
 
             
-            #line 505 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 506 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                                                                        }
                     if (!string.IsNullOrWhiteSpace(Model.Job.User.EmailAddress))
                     {
@@ -1909,21 +1910,21 @@ WriteLiteral(" title=\"Email Address\"");
 
 WriteLiteral(">Email: <a");
 
-WriteAttribute("href", Tuple.Create(" href=\"", 35862), Tuple.Create("\"", 35906)
-, Tuple.Create(Tuple.Create("", 35869), Tuple.Create("mailto:", 35869), true)
+WriteAttribute("href", Tuple.Create(" href=\"", 35872), Tuple.Create("\"", 35916)
+, Tuple.Create(Tuple.Create("", 35879), Tuple.Create("mailto:", 35879), true)
             
-            #line 507 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                       , Tuple.Create(Tuple.Create("", 35876), Tuple.Create<System.Object, System.Int32>(Model.Job.User.EmailAddress
+            #line 508 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                       , Tuple.Create(Tuple.Create("", 35886), Tuple.Create<System.Object, System.Int32>(Model.Job.User.EmailAddress
             
             #line default
             #line hidden
-, 35876), false)
+, 35886), false)
 );
 
 WriteLiteral(" data-clipboard=\"");
 
             
-            #line 507 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 508 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                                   Write(Model.Job.User.DisplayName);
 
             
@@ -1932,7 +1933,7 @@ WriteLiteral(" data-clipboard=\"");
 WriteLiteral(" &lt;");
 
             
-            #line 507 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 508 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                                                                   Write(Model.Job.User.EmailAddress);
 
             
@@ -1943,7 +1944,7 @@ WriteLiteral("&gt;\"");
 WriteLiteral(">");
 
             
-            #line 507 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 508 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                                                                                                     Write(Model.Job.User.EmailAddress);
 
             
@@ -1952,7 +1953,7 @@ WriteLiteral(">");
 WriteLiteral("</a></div>");
 
             
-            #line 507 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 508 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                                                                                                                                                }
             }
 
@@ -1962,8 +1963,8 @@ WriteLiteral("</a></div>");
 WriteLiteral("                    ");
 
             
-            #line 509 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                     if (Authorization.Has(Claims.User.ShowFlagAssignments))
+            #line 510 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                     if (Model.Job.User.UserFlagAssignments.CanShowAny())
                     {
 
             
@@ -1976,56 +1977,58 @@ WriteLiteral(" id=\"Job_Show_User_Flags\"");
 WriteLiteral(">\r\n");
 
             
-            #line 512 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 513 "..\..\Views\Job\JobParts\_Subject.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 512 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 513 "..\..\Views\Job\JobParts\_Subject.cshtml"
                              foreach (var flag in Model.Job.User.UserFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, UserFlagService.GetUserFlag(f.UserFlagId))))
                             {
+                                if (flag.Item2.permission.CanShow())
+                                {
 
             
             #line default
             #line hidden
-WriteLiteral("                                <i");
+WriteLiteral("                                    <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 36463), Tuple.Create("\"", 36533)
-, Tuple.Create(Tuple.Create("", 36471), Tuple.Create("flag", 36471), true)
-, Tuple.Create(Tuple.Create(" ", 36475), Tuple.Create("fa", 36476), true)
-, Tuple.Create(Tuple.Create(" ", 36478), Tuple.Create("fa-", 36479), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 36579), Tuple.Create("\"", 36659)
+, Tuple.Create(Tuple.Create("", 36587), Tuple.Create("flag", 36587), true)
+, Tuple.Create(Tuple.Create(" ", 36591), Tuple.Create("fa", 36592), true)
+, Tuple.Create(Tuple.Create(" ", 36594), Tuple.Create("fa-", 36595), true)
             
-            #line 514 "..\..\Views\Job\JobParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 36482), Tuple.Create<System.Object, System.Int32>(flag.Item2.Icon
+            #line 517 "..\..\Views\Job\JobParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 36598), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.Icon
             
             #line default
             #line hidden
-, 36482), false)
-, Tuple.Create(Tuple.Create(" ", 36500), Tuple.Create("fa-fw", 36501), true)
-, Tuple.Create(Tuple.Create(" ", 36506), Tuple.Create("d-", 36507), true)
+, 36598), false)
+, Tuple.Create(Tuple.Create(" ", 36621), Tuple.Create("fa-fw", 36622), true)
+, Tuple.Create(Tuple.Create(" ", 36627), Tuple.Create("d-", 36628), true)
             
-            #line 514 "..\..\Views\Job\JobParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 36509), Tuple.Create<System.Object, System.Int32>(flag.Item2.IconColour
+            #line 517 "..\..\Views\Job\JobParts\_Subject.cshtml"
+         , Tuple.Create(Tuple.Create("", 36630), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.IconColour
             
             #line default
             #line hidden
-, 36509), false)
+, 36630), false)
 );
 
-WriteLiteral(">\r\n                                    <span");
+WriteLiteral(">\r\n                                        <span");
 
 WriteLiteral(" class=\"details\"");
 
-WriteLiteral(">\r\n                                        <span");
+WriteLiteral(">\r\n                                            <span");
 
 WriteLiteral(" class=\"name\"");
 
 WriteLiteral(">");
 
             
-            #line 516 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                      Write(flag.Item2.Name);
+            #line 519 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                                          Write(flag.Item2.flag.Name);
 
             
             #line default
@@ -2033,9 +2036,9 @@ WriteLiteral(">");
 WriteLiteral("</span>");
 
             
-            #line 516 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                                   if (flag.Item1.Comments != null)
-                                        {
+            #line 519 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                                                                            if (flag.Item1.Comments != null)
+                                            {
             
             #line default
             #line hidden
@@ -2046,8 +2049,8 @@ WriteLiteral(" class=\"comments\"");
 WriteLiteral(">");
 
             
-            #line 517 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                           Write(flag.Item1.Comments.ToHtmlComment());
+            #line 520 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                                               Write(flag.Item1.Comments.ToHtmlComment());
 
             
             #line default
@@ -2055,8 +2058,8 @@ WriteLiteral(">");
 WriteLiteral("</span>");
 
             
-            #line 517 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                                                           }
+            #line 520 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                                                                                               }
             
             #line default
             #line hidden
@@ -2067,17 +2070,18 @@ WriteLiteral(" class=\"added\"");
 WriteLiteral(">");
 
             
-            #line 517 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                                                                           Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId));
+            #line 520 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                                                                                                               Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId));
 
             
             #line default
             #line hidden
-WriteLiteral("</span>\r\n                                    </span>\r\n                           " +
-"     </i>\r\n");
+WriteLiteral("</span>\r\n                                        </span>\r\n                       " +
+"             </i>\r\n");
 
             
-            #line 520 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 523 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                }
                             }
 
             
@@ -2113,7 +2117,7 @@ WriteLiteral(">\r\n                                $(function () {\r\n
 "         </div>\r\n");
 
             
-            #line 552 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 556 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     }
 
             
@@ -2122,7 +2126,7 @@ WriteLiteral(">\r\n                                $(function () {\r\n
 WriteLiteral("                    ");
 
             
-            #line 553 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 557 "..\..\Views\Job\JobParts\_Subject.cshtml"
                      if (Model.Job.WaitingForUserAction.HasValue)
                     {
 
@@ -2141,7 +2145,7 @@ WriteLiteral(">\r\n                            <h4>Awaiting Action</h4>\r\n
 WriteLiteral(" data-livestamp=\"");
 
             
-            #line 557 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 561 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                     Write(Model.Job.WaitingForUserAction.ToUnixEpoc());
 
             
@@ -2152,7 +2156,7 @@ WriteLiteral("\"");
 WriteLiteral(">");
 
             
-            #line 557 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 561 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                   Write(Model.Job.WaitingForUserAction.ToFullDateTime());
 
             
@@ -2161,7 +2165,7 @@ WriteLiteral(">");
 WriteLiteral("</span>\r\n                        </div>\r\n");
 
             
-            #line 559 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 563 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     }
 
             
@@ -2170,7 +2174,7 @@ WriteLiteral("</span>\r\n                        </div>\r\n");
 WriteLiteral("                    ");
 
             
-            #line 560 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 564 "..\..\Views\Job\JobParts\_Subject.cshtml"
                      if (Model.UserDetails != null && Model.UserDetails.Count(d => !d.Key.EndsWith("&")) > 0)
                     {
 
@@ -2186,13 +2190,13 @@ WriteLiteral(" class=\"status clearfix\"");
 WriteLiteral(">\r\n");
 
             
-            #line 563 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 567 "..\..\Views\Job\JobParts\_Subject.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 563 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 567 "..\..\Views\Job\JobParts\_Subject.cshtml"
                              foreach (var detail in Model.UserDetails.Where(d => !d.Key.EndsWith("&")))
                             {
 
@@ -2203,7 +2207,7 @@ WriteLiteral("                                <div>\r\n
 "g>");
 
             
-            #line 566 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 570 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                        Write(detail.Key.TrimEnd('*'));
 
             
@@ -2212,13 +2216,13 @@ WriteLiteral("                                <div>\r\n
 WriteLiteral(":</strong>\r\n");
 
             
-            #line 567 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 571 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                     
             
             #line default
             #line hidden
             
-            #line 567 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 571 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                      if (detail.Key.EndsWith("*"))
                                     {
 
@@ -2240,7 +2244,7 @@ WriteLiteral(" class=\"reveal hidden\"");
 WriteLiteral(">");
 
             
-            #line 570 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 574 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                Write(Html.Partial(MVC.Shared.Views._CustomDetailValueRender, detail));
 
             
@@ -2249,7 +2253,7 @@ WriteLiteral(">");
 WriteLiteral("</span>\r\n");
 
             
-            #line 571 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 575 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                     }
                                     else
                                     {
@@ -2258,14 +2262,14 @@ WriteLiteral("</span>\r\n");
             #line default
             #line hidden
             
-            #line 574 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 578 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                    Write(Html.Partial(MVC.Shared.Views._CustomDetailValueRender, detail));
 
             
             #line default
             #line hidden
             
-            #line 574 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 578 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                         
                                     }
 
@@ -2275,7 +2279,7 @@ WriteLiteral("</span>\r\n");
 WriteLiteral("                                </div>\r\n");
 
             
-            #line 577 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 581 "..\..\Views\Job\JobParts\_Subject.cshtml"
                             }
 
             
@@ -2300,7 +2304,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 590 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 594 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     }
 
             
@@ -2309,7 +2313,7 @@ WriteLiteral(@">
 WriteLiteral("                </div>\r\n            </td>\r\n");
 
             
-            #line 593 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 597 "..\..\Views\Job\JobParts\_Subject.cshtml"
         }
 
             
@@ -2326,13 +2330,13 @@ WriteLiteral(" id=\"Job_Show_Job_Actions\"");
 WriteLiteral(">\r\n");
 
             
-            #line 597 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 601 "..\..\Views\Job\JobParts\_Subject.cshtml"
             
             
             #line default
             #line hidden
             
-            #line 597 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 601 "..\..\Views\Job\JobParts\_Subject.cshtml"
               
                 List<string> CanCloseForcedReasons;
                 if (Model.Job.CanCloseForced(out CanCloseForcedReasons))
@@ -2342,14 +2346,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 601 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 605 "..\..\Views\Job\JobParts\_Subject.cshtml"
                Write(Html.ActionLinkSmallButton("Forcibly Close", MVC.API.Job.Close(Model.Job.Id, true), "Job_Show_Job_Actions_ForceClose_Button"));
 
             
             #line default
             #line hidden
             
-            #line 601 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 605 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                                   
 
             
@@ -2379,13 +2383,13 @@ WriteLiteral("></i><strong>Are you sure?</strong>\r\n
 "                  <ul>\r\n");
 
             
-            #line 608 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 612 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                 
             
             #line default
             #line hidden
             
-            #line 608 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 612 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                  foreach (var reason in CanCloseForcedReasons)
                                 {
 
@@ -2395,7 +2399,7 @@ WriteLiteral("></i><strong>Are you sure?</strong>\r\n
 WriteLiteral("                                    <li>");
 
             
-            #line 610 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 614 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                    Write(reason);
 
             
@@ -2404,7 +2408,7 @@ WriteLiteral("                                    <li>");
 WriteLiteral("</li>\r\n");
 
             
-            #line 611 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 615 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                 }
 
             
@@ -2413,13 +2417,13 @@ WriteLiteral("</li>\r\n");
 WriteLiteral("                            </ul>\r\n                        </div>\r\n");
 
             
-            #line 614 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 618 "..\..\Views\Job\JobParts\_Subject.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 614 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 618 "..\..\Views\Job\JobParts\_Subject.cshtml"
                          using (Html.BeginForm(MVC.API.Job.ForceClose(Model.Job.Id, null, true)))
                         {
                             
@@ -2427,14 +2431,14 @@ WriteLiteral("                            </ul>\r\n                        </div
             #line default
             #line hidden
             
-            #line 616 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 620 "..\..\Views\Job\JobParts\_Subject.cshtml"
                        Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 616 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 620 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                     
 
             
@@ -2451,7 +2455,7 @@ WriteLiteral(" class=\"block\"");
 WriteLiteral("></textarea>\r\n                            </p>\r\n");
 
             
-            #line 621 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 625 "..\..\Views\Job\JobParts\_Subject.cshtml"
                         }
 
             
@@ -2486,7 +2490,7 @@ WriteLiteral(">\r\n                        $(function () {\r\n
 "                  </script>\r\n");
 
             
-            #line 654 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 658 "..\..\Views\Job\JobParts\_Subject.cshtml"
                 }
             
             
@@ -2495,13 +2499,13 @@ WriteLiteral(">\r\n                        $(function () {\r\n
 WriteLiteral("\r\n\r\n");
 
             
-            #line 657 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 661 "..\..\Views\Job\JobParts\_Subject.cshtml"
             
             
             #line default
             #line hidden
             
-            #line 657 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 661 "..\..\Views\Job\JobParts\_Subject.cshtml"
              if (Model.Job.CanCloseNormally())
             {
 
@@ -2529,13 +2533,13 @@ WriteLiteral(" title=\"Close this Job?\"");
 WriteLiteral(">\r\n");
 
             
-            #line 661 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 665 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 661 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 665 "..\..\Views\Job\JobParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.Job.Close(Model.Job.Id, true)))
                     {
                         
@@ -2543,14 +2547,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 663 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 667 "..\..\Views\Job\JobParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 663 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 667 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                 
                     }
 
@@ -2599,7 +2603,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 698 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 702 "..\..\Views\Job\JobParts\_Subject.cshtml"
             }
 
             
@@ -2608,7 +2612,7 @@ WriteLiteral(@">
 WriteLiteral("            ");
 
             
-            #line 699 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 703 "..\..\Views\Job\JobParts\_Subject.cshtml"
              if (Model.Job.CanReopen())
             {
 
@@ -2636,13 +2640,13 @@ WriteLiteral(" title=\"Reopen this Job?\"");
 WriteLiteral(">\r\n");
 
             
-            #line 703 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 707 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 703 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 707 "..\..\Views\Job\JobParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.Job.Reopen(Model.Job.Id, true)))
                     {
                         
@@ -2650,14 +2654,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 705 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 709 "..\..\Views\Job\JobParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 705 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 709 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                 
                     }
 
@@ -2706,7 +2710,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 740 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 744 "..\..\Views\Job\JobParts\_Subject.cshtml"
             }
 
             
@@ -2715,7 +2719,7 @@ WriteLiteral(@">
 WriteLiteral("            ");
 
             
-            #line 741 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 745 "..\..\Views\Job\JobParts\_Subject.cshtml"
              if (Model.Job.CanDelete())
             {
 
@@ -2743,13 +2747,13 @@ WriteLiteral(" title=\"Delete this Job?\"");
 WriteLiteral(">\r\n");
 
             
-            #line 745 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 749 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 745 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 749 "..\..\Views\Job\JobParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.Job.Delete(Model.Job.Id, true)))
                     {
                         
@@ -2757,14 +2761,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 747 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 751 "..\..\Views\Job\JobParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 747 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 751 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                 
                     }
 
@@ -2814,7 +2818,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 782 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 786 "..\..\Views\Job\JobParts\_Subject.cshtml"
             }
 
             
@@ -2823,7 +2827,7 @@ WriteLiteral(@">
 WriteLiteral("            ");
 
             
-            #line 783 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 787 "..\..\Views\Job\JobParts\_Subject.cshtml"
              if (Model.Job.CanAddQueues() && Model.AvailableQueues != null && Model.AvailableQueues.Count > 0)
             {
 
@@ -2837,14 +2841,14 @@ WriteLiteral("            ");
             #line default
             #line hidden
             
-            #line 791 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 795 "..\..\Views\Job\JobParts\_Subject.cshtml"
            Write(Html.ActionLinkSmallButton("Add to Queue", MVC.API.JobQueueJob.AddJob(), "Job_Show_Job_Actions_AddQueue_Button"));
 
             
             #line default
             #line hidden
             
-            #line 791 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 795 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                  
 
             
@@ -2861,13 +2865,13 @@ WriteLiteral(" title=\"Add Job to Queue\"");
 WriteLiteral(">\r\n");
 
             
-            #line 793 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 797 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 793 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 797 "..\..\Views\Job\JobParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.JobQueueJob.AddJob()))
                     {
                         
@@ -2875,14 +2879,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 795 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 799 "..\..\Views\Job\JobParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 795 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 799 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                 
 
             
@@ -2906,14 +2910,14 @@ WriteLiteral(" type=\"hidden\"");
 
 WriteLiteral(" name=\"JobId\"");
 
-WriteAttribute("value", Tuple.Create(" value=\"", 52102), Tuple.Create("\"", 52123)
+WriteAttribute("value", Tuple.Create(" value=\"", 52288), Tuple.Create("\"", 52309)
             
-            #line 797 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                , Tuple.Create(Tuple.Create("", 52110), Tuple.Create<System.Object, System.Int32>(Model.Job.Id
+            #line 801 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                , Tuple.Create(Tuple.Create("", 52296), Tuple.Create<System.Object, System.Int32>(Model.Job.Id
             
             #line default
             #line hidden
-, 52110), false)
+, 52296), false)
 );
 
 WriteLiteral(" />\r\n");
@@ -2925,13 +2929,13 @@ WriteLiteral(" class=\"queuePicker\"");
 WriteLiteral(">\r\n");
 
             
-            #line 799 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 803 "..\..\Views\Job\JobParts\_Subject.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 799 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 803 "..\..\Views\Job\JobParts\_Subject.cshtml"
                              foreach (var jobQueue in Model.AvailableQueues.OrderBy(jq => jq.Name))
                             {
 
@@ -2945,7 +2949,7 @@ WriteLiteral(" class=\"queue\"");
 WriteLiteral(" data-queueid=\"");
 
             
-            #line 801 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 805 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                              Write(jobQueue.Id);
 
             
@@ -2956,7 +2960,7 @@ WriteLiteral("\"");
 WriteLiteral(" data-queuesla=\"");
 
             
-            #line 801 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 805 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                             Write(jobQueue.DefaultSLAExpiry.HasValue ? jobQueue.DefaultSLAExpiry.Value.ToString() : null);
 
             
@@ -2967,7 +2971,7 @@ WriteLiteral("\"");
 WriteLiteral(" data-queuepriority=\"");
 
             
-            #line 801 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 805 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                                                                                            Write(jobQueue.Priority.ToString());
 
             
@@ -2977,32 +2981,32 @@ WriteLiteral("\"");
 
 WriteLiteral(">\r\n                                    <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 52592), Tuple.Create("\"", 52659)
-, Tuple.Create(Tuple.Create("", 52600), Tuple.Create("fa", 52600), true)
-, Tuple.Create(Tuple.Create(" ", 52602), Tuple.Create("fa-", 52603), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 52778), Tuple.Create("\"", 52845)
+, Tuple.Create(Tuple.Create("", 52786), Tuple.Create("fa", 52786), true)
+, Tuple.Create(Tuple.Create(" ", 52788), Tuple.Create("fa-", 52789), true)
             
-            #line 802 "..\..\Views\Job\JobParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 52606), Tuple.Create<System.Object, System.Int32>(jobQueue.Icon
+            #line 806 "..\..\Views\Job\JobParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 52792), Tuple.Create<System.Object, System.Int32>(jobQueue.Icon
             
             #line default
             #line hidden
-, 52606), false)
-, Tuple.Create(Tuple.Create(" ", 52622), Tuple.Create("fa-fw", 52623), true)
-, Tuple.Create(Tuple.Create(" ", 52628), Tuple.Create("fa-lg", 52629), true)
-, Tuple.Create(Tuple.Create(" ", 52634), Tuple.Create("d-", 52635), true)
+, 52792), false)
+, Tuple.Create(Tuple.Create(" ", 52808), Tuple.Create("fa-fw", 52809), true)
+, Tuple.Create(Tuple.Create(" ", 52814), Tuple.Create("fa-lg", 52815), true)
+, Tuple.Create(Tuple.Create(" ", 52820), Tuple.Create("d-", 52821), true)
             
-            #line 802 "..\..\Views\Job\JobParts\_Subject.cshtml"
-   , Tuple.Create(Tuple.Create("", 52637), Tuple.Create<System.Object, System.Int32>(jobQueue.IconColour
+            #line 806 "..\..\Views\Job\JobParts\_Subject.cshtml"
+   , Tuple.Create(Tuple.Create("", 52823), Tuple.Create<System.Object, System.Int32>(jobQueue.IconColour
             
             #line default
             #line hidden
-, 52637), false)
+, 52823), false)
 );
 
 WriteLiteral("></i>");
 
             
-            #line 802 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 806 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                           Write(jobQueue.Name);
 
             
@@ -3011,7 +3015,7 @@ WriteLiteral("></i>");
 WriteLiteral("\r\n                                </div>\r\n");
 
             
-            #line 804 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 808 "..\..\Views\Job\JobParts\_Subject.cshtml"
                             }
 
             
@@ -3029,7 +3033,7 @@ WriteLiteral(">\r\n                            <div>\r\n
 WriteLiteral("                                ");
 
             
-            #line 809 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 813 "..\..\Views\Job\JobParts\_Subject.cshtml"
                            Write(Html.DropDownList("Priority", priorityItems, new { id = "Job_Show_Job_Actions_AddQueue_Priority" }));
 
             
@@ -3037,27 +3041,27 @@ WriteLiteral("                                ");
             #line hidden
 WriteLiteral(" <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 53056), Tuple.Create("\"", 53104)
-, Tuple.Create(Tuple.Create("", 53064), Tuple.Create("fa", 53064), true)
-, Tuple.Create(Tuple.Create(" ", 53066), Tuple.Create("d-priority-", 53067), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 53242), Tuple.Create("\"", 53290)
+, Tuple.Create(Tuple.Create("", 53250), Tuple.Create("fa", 53250), true)
+, Tuple.Create(Tuple.Create(" ", 53252), Tuple.Create("d-priority-", 53253), true)
             
-            #line 809 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                             , Tuple.Create(Tuple.Create("", 53078), Tuple.Create<System.Object, System.Int32>(priorityValue.ToLower()
+            #line 813 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                                                             , Tuple.Create(Tuple.Create("", 53264), Tuple.Create<System.Object, System.Int32>(priorityValue.ToLower()
             
             #line default
             #line hidden
-, 53078), false)
+, 53264), false)
 );
 
-WriteAttribute("title", Tuple.Create(" title=\"", 53105), Tuple.Create("\"", 53138)
+WriteAttribute("title", Tuple.Create(" title=\"", 53291), Tuple.Create("\"", 53324)
             
-            #line 809 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                                                                , Tuple.Create(Tuple.Create("", 53113), Tuple.Create<System.Object, System.Int32>(priorityValue
+            #line 813 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                                                                                                , Tuple.Create(Tuple.Create("", 53299), Tuple.Create<System.Object, System.Int32>(priorityValue
             
             #line default
             #line hidden
-, 53113), false)
-, Tuple.Create(Tuple.Create(" ", 53129), Tuple.Create("Priority", 53130), true)
+, 53299), false)
+, Tuple.Create(Tuple.Create(" ", 53315), Tuple.Create("Priority", 53316), true)
 );
 
 WriteLiteral("></i>\r\n                            </div>\r\n                            <div>\r\n   " +
@@ -3066,7 +3070,7 @@ WriteLiteral("></i>\r\n                            </div>\r\n
 WriteLiteral("                                ");
 
             
-            #line 813 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 817 "..\..\Views\Job\JobParts\_Subject.cshtml"
                            Write(Html.DropDownList("SLAExpiresMinutes", slaOptions, new { id = "Job_Show_Job_Actions_AddQueue_SLAExpiresMinutes" }));
 
             
@@ -3084,7 +3088,7 @@ WriteLiteral("></textarea>\r\n                            </div>\r\n
 "\n");
 
             
-            #line 820 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 824 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     }
 
             
@@ -3145,32 +3149,7 @@ WriteLiteral(">\r\n                    $(function () {\r\n
 "        });\r\n                    });\r\n                </script>\r\n");
 
             
-            #line 898 "..\..\Views\Job\JobParts\_Subject.cshtml"
-            }
-
-            
-            #line default
-            #line hidden
-WriteLiteral("            ");
-
-            
-            #line 899 "..\..\Views\Job\JobParts\_Subject.cshtml"
-             if (Model.Job.CanLogWarranty())
-            {
-                
-            
-            #line default
-            #line hidden
-            
-            #line 901 "..\..\Views\Job\JobParts\_Subject.cshtml"
-           Write(Html.ActionLinkSmallButton("Lodge Warranty", MVC.Job.LogWarranty(Model.Job.Id, null, null), "Job_Show_Job_Actions_LogWarranty_Button"));
-
-            
-            #line default
-            #line hidden
-            
-            #line 901 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                                                                                                       
+            #line 902 "..\..\Views\Job\JobParts\_Subject.cshtml"
             }
 
             
@@ -3180,7 +3159,7 @@ WriteLiteral("            ");
 
             
             #line 903 "..\..\Views\Job\JobParts\_Subject.cshtml"
-             if (Model.Job.CanWarrantyCompleted())
+             if (Model.Job.CanLogWarranty())
             {
                 
             
@@ -3188,14 +3167,14 @@ WriteLiteral("            ");
             #line hidden
             
             #line 905 "..\..\Views\Job\JobParts\_Subject.cshtml"
-           Write(Html.ActionLinkSmallButton("Warranty Complete", MVC.API.Job.UpdateWarrantyExternalCompletedDate(Model.Job.Id, "Now", true), "Job_Show_Job_Actions_WarrantyComplete_Button", "alert"));
+           Write(Html.ActionLinkSmallButton("Lodge Warranty", MVC.Job.LogWarranty(Model.Job.Id, null, null), "Job_Show_Job_Actions_LogWarranty_Button"));
 
             
             #line default
             #line hidden
             
             #line 905 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                                                                                                                                                     
+                                                                                                                                                       
             }
 
             
@@ -3205,7 +3184,7 @@ WriteLiteral("            ");
 
             
             #line 907 "..\..\Views\Job\JobParts\_Subject.cshtml"
-             if (Model.Job.CanLogInsurance())
+             if (Model.Job.CanWarrantyCompleted())
             {
                 
             
@@ -3213,73 +3192,98 @@ WriteLiteral("            ");
             #line hidden
             
             #line 909 "..\..\Views\Job\JobParts\_Subject.cshtml"
-           Write(Html.ActionLinkSmallButton("Lodge Insurance", MVC.Job.LogInsurance(Model.Job.Id, null, null), "Job_Show_Job_Actions_LogInsurance_Button", "alert"));
+           Write(Html.ActionLinkSmallButton("Warranty Complete", MVC.API.Job.UpdateWarrantyExternalCompletedDate(Model.Job.Id, "Now", true), "Job_Show_Job_Actions_WarrantyComplete_Button", "alert"));
 
             
             #line default
             #line hidden
             
             #line 909 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                                                                                                                   
-            }
-
-            
-            #line default
-            #line hidden
-WriteLiteral("            ");
-
-            
-            #line 911 "..\..\Views\Job\JobParts\_Subject.cshtml"
-             if (Model.Job.CanLogRepair())
-            {
-                
-            
-            #line default
-            #line hidden
-            
-            #line 913 "..\..\Views\Job\JobParts\_Subject.cshtml"
-           Write(Html.ActionLinkSmallButton("Lodge Repair", MVC.Job.LogRepair(Model.Job.Id, null, null), "Job_Show_Job_Actions_LogRepair_Button"));
-
-            
-            #line default
-            #line hidden
-            
-            #line 913 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                                                                                                                                 
-            }
-
-            
-            #line default
-            #line hidden
-WriteLiteral("            ");
-
-            
-            #line 915 "..\..\Views\Job\JobParts\_Subject.cshtml"
-             if (Model.Job.CanRepairComplete())
-            {
-                
-            
-            #line default
-            #line hidden
-            
-            #line 917 "..\..\Views\Job\JobParts\_Subject.cshtml"
-           Write(Html.ActionLinkSmallButton("Repairs Complete", MVC.API.Job.UpdateNonWarrantyRepairerCompletedDate(Model.Job.Id, "Now", true), "Job_Show_Job_Actions_RepairComplete_Button", "alert"));
-
-            
-            #line default
-            #line hidden
-            
-            #line 917 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                                                                                                                                                                      
             }
 
             
+            #line default
+            #line hidden
+WriteLiteral("            ");
+
+            
+            #line 911 "..\..\Views\Job\JobParts\_Subject.cshtml"
+             if (Model.Job.CanLogInsurance())
+            {
+                
+            
+            #line default
+            #line hidden
+            
+            #line 913 "..\..\Views\Job\JobParts\_Subject.cshtml"
+           Write(Html.ActionLinkSmallButton("Lodge Insurance", MVC.Job.LogInsurance(Model.Job.Id, null, null), "Job_Show_Job_Actions_LogInsurance_Button", "alert"));
+
+            
+            #line default
+            #line hidden
+            
+            #line 913 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                                                                                                                                                   
+            }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("            ");
+
+            
+            #line 915 "..\..\Views\Job\JobParts\_Subject.cshtml"
+             if (Model.Job.CanLogRepair())
+            {
+                
+            
+            #line default
+            #line hidden
+            
+            #line 917 "..\..\Views\Job\JobParts\_Subject.cshtml"
+           Write(Html.ActionLinkSmallButton("Lodge Repair", MVC.Job.LogRepair(Model.Job.Id, null, null), "Job_Show_Job_Actions_LogRepair_Button"));
+
+            
+            #line default
+            #line hidden
+            
+            #line 917 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                                                                                                                                 
+            }
+
+            
             #line default
             #line hidden
 WriteLiteral("            ");
 
             
             #line 919 "..\..\Views\Job\JobParts\_Subject.cshtml"
+             if (Model.Job.CanRepairComplete())
+            {
+                
+            
+            #line default
+            #line hidden
+            
+            #line 921 "..\..\Views\Job\JobParts\_Subject.cshtml"
+           Write(Html.ActionLinkSmallButton("Repairs Complete", MVC.API.Job.UpdateNonWarrantyRepairerCompletedDate(Model.Job.Id, "Now", true), "Job_Show_Job_Actions_RepairComplete_Button", "alert"));
+
+            
+            #line default
+            #line hidden
+            
+            #line 921 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                                                                                                                                                                                     
+            }
+
+            
+            #line default
+            #line hidden
+WriteLiteral("            ");
+
+            
+            #line 923 "..\..\Views\Job\JobParts\_Subject.cshtml"
              if (Model.Job.CanConvertHWarToHNWar())
             {
 
@@ -3307,13 +3311,13 @@ WriteLiteral(" title=\"Convert this Job?\"");
 WriteLiteral(">\r\n");
 
             
-            #line 923 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 927 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     
             
             #line default
             #line hidden
             
-            #line 923 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 927 "..\..\Views\Job\JobParts\_Subject.cshtml"
                      using (Html.BeginForm(MVC.API.Job.ConvertHWarToHNWar(Model.Job.Id, true)))
                     {
                         
@@ -3321,14 +3325,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 925 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 929 "..\..\Views\Job\JobParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 925 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 929 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                 
                     }
 
@@ -3379,7 +3383,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 962 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 966 "..\..\Views\Job\JobParts\_Subject.cshtml"
             }
 
             
@@ -3388,13 +3392,13 @@ WriteLiteral(@">
 WriteLiteral("        </td>\r\n");
 
             
-            #line 964 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 968 "..\..\Views\Job\JobParts\_Subject.cshtml"
         
             
             #line default
             #line hidden
             
-            #line 964 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 968 "..\..\Views\Job\JobParts\_Subject.cshtml"
          if (Model.Job.Device != null)
         {
 
@@ -3408,13 +3412,13 @@ WriteLiteral(" id=\"Job_Show_Device_Actions\"");
 WriteLiteral(">\r\n");
 
             
-            #line 967 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 971 "..\..\Views\Job\JobParts\_Subject.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 967 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 971 "..\..\Views\Job\JobParts\_Subject.cshtml"
                  if (Model.Job.CanDeviceHeld())
                 {
                     using (Html.BeginForm(MVC.API.Job.DeviceHeld(Model.Job.Id, true)))
@@ -3424,14 +3428,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 971 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 975 "..\..\Views\Job\JobParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 971 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 975 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                 
 
             
@@ -3448,7 +3452,7 @@ WriteLiteral(" class=\"button small\"");
 WriteLiteral(">Device Held</button>\r\n");
 
             
-            #line 973 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 977 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     }
                 }
 
@@ -3458,7 +3462,7 @@ WriteLiteral(">Device Held</button>\r\n");
 WriteLiteral("                ");
 
             
-            #line 975 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 979 "..\..\Views\Job\JobParts\_Subject.cshtml"
                  if (Model.Job.CanDeviceReadyForReturn())
                 {
                     using (Html.BeginForm(MVC.API.Job.DeviceReadyForReturn(Model.Job.Id, true)))
@@ -3468,14 +3472,14 @@ WriteLiteral("                ");
             #line default
             #line hidden
             
-            #line 979 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 983 "..\..\Views\Job\JobParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 979 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 983 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                 
 
             
@@ -3492,7 +3496,7 @@ WriteLiteral(" class=\"button small alert\"");
 WriteLiteral(">Device Ready For Return</button>\r\n");
 
             
-            #line 981 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 985 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     }
                 }
 
@@ -3502,7 +3506,7 @@ WriteLiteral(">Device Ready For Return</button>\r\n");
 WriteLiteral("                ");
 
             
-            #line 983 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 987 "..\..\Views\Job\JobParts\_Subject.cshtml"
                  if (Model.Job.CanDeviceReturned())
                 {
                     using (Html.BeginForm(MVC.API.Job.DeviceReturned(Model.Job.Id, true)))
@@ -3512,14 +3516,14 @@ WriteLiteral("                ");
             #line default
             #line hidden
             
-            #line 987 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 991 "..\..\Views\Job\JobParts\_Subject.cshtml"
                    Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 987 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 991 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                 
 
             
@@ -3531,22 +3535,22 @@ WriteLiteral(" id=\"Job_Show_Device_Actions_DeviceReturned_Button\"");
 
 WriteLiteral(" type=\"submit\"");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 62380), Tuple.Create("\"", 62456)
-, Tuple.Create(Tuple.Create("", 62388), Tuple.Create("button", 62388), true)
-, Tuple.Create(Tuple.Create(" ", 62394), Tuple.Create("small", 62395), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 62566), Tuple.Create("\"", 62642)
+, Tuple.Create(Tuple.Create("", 62574), Tuple.Create("button", 62574), true)
+, Tuple.Create(Tuple.Create(" ", 62580), Tuple.Create("small", 62581), true)
             
-            #line 988 "..\..\Views\Job\JobParts\_Subject.cshtml"
-                                    , Tuple.Create(Tuple.Create(" ", 62400), Tuple.Create<System.Object, System.Int32>(Model.Job.CanDeviceReadyForReturn() ? null : "alert"
+            #line 992 "..\..\Views\Job\JobParts\_Subject.cshtml"
+                                    , Tuple.Create(Tuple.Create(" ", 62586), Tuple.Create<System.Object, System.Int32>(Model.Job.CanDeviceReadyForReturn() ? null : "alert"
             
             #line default
             #line hidden
-, 62401), false)
+, 62587), false)
 );
 
 WriteLiteral(">Device Returned</button>\r\n");
 
             
-            #line 989 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 993 "..\..\Views\Job\JobParts\_Subject.cshtml"
                     }
                 }
 
@@ -3556,7 +3560,7 @@ WriteLiteral(">Device Returned</button>\r\n");
 WriteLiteral("            </td>\r\n");
 
             
-            #line 992 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 996 "..\..\Views\Job\JobParts\_Subject.cshtml"
         }
 
             
@@ -3565,7 +3569,7 @@ WriteLiteral("            </td>\r\n");
 WriteLiteral("        ");
 
             
-            #line 993 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 997 "..\..\Views\Job\JobParts\_Subject.cshtml"
          if (Model.Job.User != null)
         {
 
@@ -3579,13 +3583,13 @@ WriteLiteral(" id=\"Job_Show_User_Actions\"");
 WriteLiteral(">\r\n\r\n\r\n");
 
             
-            #line 998 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1002 "..\..\Views\Job\JobParts\_Subject.cshtml"
                 
             
             #line default
             #line hidden
             
-            #line 998 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1002 "..\..\Views\Job\JobParts\_Subject.cshtml"
                  if (Model.Job.CanWaitingForUserAction())
                 {
 
@@ -3613,13 +3617,13 @@ WriteLiteral(" title=\"Waiting for User Action\"");
 WriteLiteral(">\r\n");
 
             
-            #line 1002 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1006 "..\..\Views\Job\JobParts\_Subject.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 1002 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1006 "..\..\Views\Job\JobParts\_Subject.cshtml"
                          using (Html.BeginForm(MVC.API.Job.WaitingForUserAction(Model.Job.Id, null, true)))
                         {
                             
@@ -3627,14 +3631,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 1004 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1008 "..\..\Views\Job\JobParts\_Subject.cshtml"
                        Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 1004 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1008 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                     
 
             
@@ -3651,7 +3655,7 @@ WriteLiteral(" class=\"block\"");
 WriteLiteral("></textarea>\r\n                            </p>\r\n");
 
             
-            #line 1009 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1013 "..\..\Views\Job\JobParts\_Subject.cshtml"
                         }
 
             
@@ -3686,7 +3690,7 @@ WriteLiteral(">\r\n                        $(function () {\r\n
 "                    });\r\n                    </script>\r\n");
 
             
-            #line 1042 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1046 "..\..\Views\Job\JobParts\_Subject.cshtml"
                 }
 
             
@@ -3695,7 +3699,7 @@ WriteLiteral(">\r\n                        $(function () {\r\n
 WriteLiteral("                ");
 
             
-            #line 1043 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1047 "..\..\Views\Job\JobParts\_Subject.cshtml"
                  if (Model.Job.CanNotWaitingForUserAction())
                 {
 
@@ -3723,13 +3727,13 @@ WriteLiteral(" title=\"Not Waiting for User Action\"");
 WriteLiteral(">\r\n");
 
             
-            #line 1047 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1051 "..\..\Views\Job\JobParts\_Subject.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 1047 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1051 "..\..\Views\Job\JobParts\_Subject.cshtml"
                          using (Html.BeginForm(MVC.API.Job.NotWaitingForUserAction(Model.Job.Id, null, true)))
                         {
                             
@@ -3737,14 +3741,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 1049 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1053 "..\..\Views\Job\JobParts\_Subject.cshtml"
                        Write(Html.AntiForgeryToken());
 
             
             #line default
             #line hidden
             
-            #line 1049 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1053 "..\..\Views\Job\JobParts\_Subject.cshtml"
                                                     
 
             
@@ -3761,7 +3765,7 @@ WriteLiteral(" class=\"block\"");
 WriteLiteral("></textarea>\r\n                            </p>\r\n");
 
             
-            #line 1054 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1058 "..\..\Views\Job\JobParts\_Subject.cshtml"
                         }
 
             
@@ -3797,7 +3801,7 @@ WriteLiteral(">\r\n                        $(function () {\r\n
 "    });\r\n                    </script>\r\n");
 
             
-            #line 1088 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1092 "..\..\Views\Job\JobParts\_Subject.cshtml"
                 }
 
             
@@ -3806,7 +3810,7 @@ WriteLiteral(">\r\n                        $(function () {\r\n
 WriteLiteral("\r\n            </td>\r\n");
 
             
-            #line 1091 "..\..\Views\Job\JobParts\_Subject.cshtml"
+            #line 1095 "..\..\Views\Job\JobParts\_Subject.cshtml"
         }
 
             
diff --git a/Disco.Web/Views/User/Show.cshtml b/Disco.Web/Views/User/Show.cshtml
index a3514a07..e59f673b 100644
--- a/Disco.Web/Views/User/Show.cshtml
+++ b/Disco.Web/Views/User/Show.cshtml
@@ -13,17 +13,20 @@
     }
 }
 <div id="User_Show" data-userid="@Model.User.UserId">
-    @if (Authorization.Has(Claims.User.ShowFlagAssignments))
+    @if (Model.User.UserFlagAssignments.CanShowAny())
     {
         <div id="User_Show_Flags">
             @foreach (var flag in Model.User.UserFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, UserFlagService.GetUserFlag(f.UserFlagId))))
             {
-                <i class="flag fa fa-@(flag.Item2.Icon) fa-fw fa-lg d-@(flag.Item2.IconColour)">
-                    <span class="details">
-                        <span class="name">@flag.Item2.Name</span>@if (flag.Item1.Comments != null)
-                        {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUser)</span>
-                    </span>
-                </i>
+                if (flag.Item2.permission.CanShow())
+                {
+                    <i class="flag fa fa-@(flag.Item2.flag.Icon) fa-fw fa-lg d-@(flag.Item2.flag.IconColour)">
+                        <span class="details">
+                            <span class="name">@flag.Item2.flag.Name</span>@if (flag.Item1.Comments != null)
+                            {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUser)</span>
+                        </span>
+                    </i>
+                }
             }
         </div>
         <script type="text/javascript">
@@ -106,7 +109,7 @@
         {
             @Html.Partial(MVC.User.Views.UserParts._Resources, Model)
         }
-        @if (Authorization.Has(Claims.User.ShowFlagAssignments))
+        @if (Authorization.Has(Claims.User.ShowFlagAssignments) || Model.User.UserFlagAssignments.CanShowAny())
         {
             @Html.Partial(MVC.User.Views.UserParts._Flags, Model)
         }
diff --git a/Disco.Web/Views/User/Show.generated.cs b/Disco.Web/Views/User/Show.generated.cs
index 5fa96557..f7f8d17c 100644
--- a/Disco.Web/Views/User/Show.generated.cs
+++ b/Disco.Web/Views/User/Show.generated.cs
@@ -91,7 +91,7 @@ WriteLiteral(">\r\n");
             #line hidden
             
             #line 16 "..\..\Views\User\Show.cshtml"
-     if (Authorization.Has(Claims.User.ShowFlagAssignments))
+     if (Model.User.UserFlagAssignments.CanShowAny())
     {
 
             
@@ -113,48 +113,50 @@ WriteLiteral(">\r\n");
             #line 19 "..\..\Views\User\Show.cshtml"
              foreach (var flag in Model.User.UserFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, UserFlagService.GetUserFlag(f.UserFlagId))))
             {
+                if (flag.Item2.permission.CanShow())
+                {
 
             
             #line default
             #line hidden
-WriteLiteral("                <i");
+WriteLiteral("                    <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 867), Tuple.Create("\"", 943)
-, Tuple.Create(Tuple.Create("", 875), Tuple.Create("flag", 875), true)
-, Tuple.Create(Tuple.Create(" ", 879), Tuple.Create("fa", 880), true)
-, Tuple.Create(Tuple.Create(" ", 882), Tuple.Create("fa-", 883), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 937), Tuple.Create("\"", 1023)
+, Tuple.Create(Tuple.Create("", 945), Tuple.Create("flag", 945), true)
+, Tuple.Create(Tuple.Create(" ", 949), Tuple.Create("fa", 950), true)
+, Tuple.Create(Tuple.Create(" ", 952), Tuple.Create("fa-", 953), true)
             
-            #line 21 "..\..\Views\User\Show.cshtml"
-, Tuple.Create(Tuple.Create("", 886), Tuple.Create<System.Object, System.Int32>(flag.Item2.Icon
+            #line 23 "..\..\Views\User\Show.cshtml"
+, Tuple.Create(Tuple.Create("", 956), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.Icon
             
             #line default
             #line hidden
-, 886), false)
-, Tuple.Create(Tuple.Create(" ", 904), Tuple.Create("fa-fw", 905), true)
-, Tuple.Create(Tuple.Create(" ", 910), Tuple.Create("fa-lg", 911), true)
-, Tuple.Create(Tuple.Create(" ", 916), Tuple.Create("d-", 917), true)
+, 956), false)
+, Tuple.Create(Tuple.Create(" ", 979), Tuple.Create("fa-fw", 980), true)
+, Tuple.Create(Tuple.Create(" ", 985), Tuple.Create("fa-lg", 986), true)
+, Tuple.Create(Tuple.Create(" ", 991), Tuple.Create("d-", 992), true)
             
-            #line 21 "..\..\Views\User\Show.cshtml"
-, Tuple.Create(Tuple.Create("", 919), Tuple.Create<System.Object, System.Int32>(flag.Item2.IconColour
+            #line 23 "..\..\Views\User\Show.cshtml"
+ , Tuple.Create(Tuple.Create("", 994), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.IconColour
             
             #line default
             #line hidden
-, 919), false)
+, 994), false)
 );
 
-WriteLiteral(">\r\n                    <span");
+WriteLiteral(">\r\n                        <span");
 
 WriteLiteral(" class=\"details\"");
 
-WriteLiteral(">\r\n                        <span");
+WriteLiteral(">\r\n                            <span");
 
 WriteLiteral(" class=\"name\"");
 
 WriteLiteral(">");
 
             
-            #line 23 "..\..\Views\User\Show.cshtml"
-                                      Write(flag.Item2.Name);
+            #line 25 "..\..\Views\User\Show.cshtml"
+                                          Write(flag.Item2.flag.Name);
 
             
             #line default
@@ -162,9 +164,9 @@ WriteLiteral(">");
 WriteLiteral("</span>");
 
             
-            #line 23 "..\..\Views\User\Show.cshtml"
-                                                                   if (flag.Item1.Comments != null)
-                        {
+            #line 25 "..\..\Views\User\Show.cshtml"
+                                                                            if (flag.Item1.Comments != null)
+                            {
             
             #line default
             #line hidden
@@ -175,8 +177,8 @@ WriteLiteral(" class=\"comments\"");
 WriteLiteral(">");
 
             
-            #line 24 "..\..\Views\User\Show.cshtml"
-                                           Write(flag.Item1.Comments.ToHtmlComment());
+            #line 26 "..\..\Views\User\Show.cshtml"
+                                               Write(flag.Item1.Comments.ToHtmlComment());
 
             
             #line default
@@ -184,8 +186,8 @@ WriteLiteral(">");
 WriteLiteral("</span>");
 
             
-            #line 24 "..\..\Views\User\Show.cshtml"
-                                                                                           }
+            #line 26 "..\..\Views\User\Show.cshtml"
+                                                                                               }
             
             #line default
             #line hidden
@@ -196,16 +198,17 @@ WriteLiteral(" class=\"added\"");
 WriteLiteral(">");
 
             
-            #line 24 "..\..\Views\User\Show.cshtml"
-                                                                                                           Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUser));
+            #line 26 "..\..\Views\User\Show.cshtml"
+                                                                                                               Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUser));
 
             
             #line default
             #line hidden
-WriteLiteral("</span>\r\n                    </span>\r\n                </i>\r\n");
+WriteLiteral("</span>\r\n                        </span>\r\n                    </i>\r\n");
 
             
-            #line 27 "..\..\Views\User\Show.cshtml"
+            #line 29 "..\..\Views\User\Show.cshtml"
+                }
             }
 
             
@@ -251,7 +254,7 @@ WriteLiteral(@">
 ");
 
             
-            #line 60 "..\..\Views\User\Show.cshtml"
+            #line 63 "..\..\Views\User\Show.cshtml"
     }
 
             
@@ -260,7 +263,7 @@ WriteLiteral(@">
 WriteLiteral("    ");
 
             
-            #line 61 "..\..\Views\User\Show.cshtml"
+            #line 64 "..\..\Views\User\Show.cshtml"
 Write(Html.Partial(MVC.User.Views.UserParts._Subject, Model));
 
             
@@ -300,13 +303,13 @@ WriteLiteral(" id=\"UserDetailTabItems\"");
 WriteLiteral("></ul>\r\n");
 
             
-            #line 97 "..\..\Views\User\Show.cshtml"
+            #line 100 "..\..\Views\User\Show.cshtml"
         
             
             #line default
             #line hidden
             
-            #line 97 "..\..\Views\User\Show.cshtml"
+            #line 100 "..\..\Views\User\Show.cshtml"
          if (Authorization.HasAny(Claims.User.ShowComments, Claims.User.ShowJobs))
         {
             
@@ -314,14 +317,14 @@ WriteLiteral("></ul>\r\n");
             #line default
             #line hidden
             
-            #line 99 "..\..\Views\User\Show.cshtml"
+            #line 102 "..\..\Views\User\Show.cshtml"
        Write(Html.Partial(MVC.User.Views.UserParts._CommentsAndJobs, Model));
 
             
             #line default
             #line hidden
             
-            #line 99 "..\..\Views\User\Show.cshtml"
+            #line 102 "..\..\Views\User\Show.cshtml"
                                                                            
         }
 
@@ -331,7 +334,7 @@ WriteLiteral("></ul>\r\n");
 WriteLiteral("        ");
 
             
-            #line 101 "..\..\Views\User\Show.cshtml"
+            #line 104 "..\..\Views\User\Show.cshtml"
          if (Authorization.Has(Claims.User.ShowAssignmentHistory))
         {
             
@@ -339,14 +342,14 @@ WriteLiteral("        ");
             #line default
             #line hidden
             
-            #line 103 "..\..\Views\User\Show.cshtml"
+            #line 106 "..\..\Views\User\Show.cshtml"
        Write(Html.Partial(MVC.User.Views.UserParts._AssignmentHistory, Model));
 
             
             #line default
             #line hidden
             
-            #line 103 "..\..\Views\User\Show.cshtml"
+            #line 106 "..\..\Views\User\Show.cshtml"
                                                                              
         }
 
@@ -356,7 +359,7 @@ WriteLiteral("        ");
 WriteLiteral("        ");
 
             
-            #line 105 "..\..\Views\User\Show.cshtml"
+            #line 108 "..\..\Views\User\Show.cshtml"
          if (Authorization.Has(Claims.User.ShowAttachments))
         {
             
@@ -364,14 +367,14 @@ WriteLiteral("        ");
             #line default
             #line hidden
             
-            #line 107 "..\..\Views\User\Show.cshtml"
+            #line 110 "..\..\Views\User\Show.cshtml"
        Write(Html.Partial(MVC.User.Views.UserParts._Resources, Model));
 
             
             #line default
             #line hidden
             
-            #line 107 "..\..\Views\User\Show.cshtml"
+            #line 110 "..\..\Views\User\Show.cshtml"
                                                                      
         }
 
@@ -381,22 +384,22 @@ WriteLiteral("        ");
 WriteLiteral("        ");
 
             
-            #line 109 "..\..\Views\User\Show.cshtml"
-         if (Authorization.Has(Claims.User.ShowFlagAssignments))
+            #line 112 "..\..\Views\User\Show.cshtml"
+         if (Authorization.Has(Claims.User.ShowFlagAssignments) || Model.User.UserFlagAssignments.CanShowAny())
         {
             
             
             #line default
             #line hidden
             
-            #line 111 "..\..\Views\User\Show.cshtml"
+            #line 114 "..\..\Views\User\Show.cshtml"
        Write(Html.Partial(MVC.User.Views.UserParts._Flags, Model));
 
             
             #line default
             #line hidden
             
-            #line 111 "..\..\Views\User\Show.cshtml"
+            #line 114 "..\..\Views\User\Show.cshtml"
                                                                  
         }
 
@@ -406,7 +409,7 @@ WriteLiteral("        ");
 WriteLiteral("        ");
 
             
-            #line 113 "..\..\Views\User\Show.cshtml"
+            #line 116 "..\..\Views\User\Show.cshtml"
          if (Authorization.Has(Claims.User.ShowAuthorization))
         {
             
@@ -414,14 +417,14 @@ WriteLiteral("        ");
             #line default
             #line hidden
             
-            #line 115 "..\..\Views\User\Show.cshtml"
+            #line 118 "..\..\Views\User\Show.cshtml"
        Write(Html.Partial(MVC.User.Views.UserParts._Authorization, Model));
 
             
             #line default
             #line hidden
             
-            #line 115 "..\..\Views\User\Show.cshtml"
+            #line 118 "..\..\Views\User\Show.cshtml"
                                                                          
         }
 
@@ -431,13 +434,13 @@ WriteLiteral("        ");
 WriteLiteral("    </div>\r\n");
 
             
-            #line 118 "..\..\Views\User\Show.cshtml"
+            #line 121 "..\..\Views\User\Show.cshtml"
     
             
             #line default
             #line hidden
             
-            #line 118 "..\..\Views\User\Show.cshtml"
+            #line 121 "..\..\Views\User\Show.cshtml"
      if (requiresLive)
     {
 
@@ -492,7 +495,7 @@ WriteLiteral("        <script>\r\n            $(function () {\r\n
 "   });\r\n            });\r\n        </script>\r\n");
 
             
-            #line 187 "..\..\Views\User\Show.cshtml"
+            #line 190 "..\..\Views\User\Show.cshtml"
     }
 
             
diff --git a/Disco.Web/Views/User/UserParts/_Flags.cshtml b/Disco.Web/Views/User/UserParts/_Flags.cshtml
index c050d358..16d0c1cc 100644
--- a/Disco.Web/Views/User/UserParts/_Flags.cshtml
+++ b/Disco.Web/Views/User/UserParts/_Flags.cshtml
@@ -1,15 +1,8 @@
 @model Disco.Web.Models.User.ShowModel
 @using Disco.Services.Users.UserFlags;
 @{
-    Authorization.Require(Claims.User.ShowFlagAssignments);
-
-    var hasRemove = Authorization.Has(Claims.User.Actions.RemoveFlags);
-    var hasEdit = Authorization.Has(Claims.User.Actions.EditFlags);
-
-    var hasUserFlagShow = Authorization.Has(Claims.Config.UserFlag.Show);
-    var activeAssignmentCount = Model.User.UserFlagAssignments == null ? 0 : Model.User.UserFlagAssignments.Count(a => !a.RemovedDate.HasValue);
-
-    var flagAssignments = Model.User.UserFlagAssignments.Select(a => Tuple.Create(a, UserFlagService.GetUserFlag(a.UserFlagId))).ToList();
+    var flagAssignments = Model.User.UserFlagAssignments.Select(a => Tuple.Create(a, UserFlagService.GetUserFlag(a.UserFlagId))).Where(g => g.Item2.permission.CanShow()).ToList();
+    var activeAssignmentCount = flagAssignments.Count(a => !a.Item1.RemovedDate.HasValue);
 }
 <div id="UserDetailTab-Flags" class="UserPart">
     @if (flagAssignments.Count > 0)
@@ -25,14 +18,14 @@
             {
                 <tr data-userflagassignmentid="@fa.Item1.Id" data-flagassignmentaddeddate="@(fa.Item1.AddedDate.ToString("s"))" class="@(!fa.Item1.RemovedDate.HasValue ? "added" : "removed")">
                     <td class="name">
-                        <i class="fa fa-@(fa.Item2.Icon) fa-fw fa-lg d-@(fa.Item2.IconColour)"></i>
-                        @if (hasUserFlagShow)
+                        <i class="fa fa-@(fa.Item2.flag.Icon) fa-fw fa-lg d-@(fa.Item2.flag.IconColour)"></i>
+                        @if (Authorization.Has(Claims.Config.UserFlag.Show))
                         {
-                            @Html.ActionLink(fa.Item2.Name, MVC.Config.UserFlag.Index(fa.Item2.Id))
+                            @Html.ActionLink(fa.Item2.flag.Name, MVC.Config.UserFlag.Index(fa.Item2.flag.Id))
                         }
                         else
                         {
-                            @fa.Item2.Name
+                            @fa.Item2.flag.Name
                         }
                     </td>
                     <td class="added">
@@ -43,7 +36,7 @@
                         }
                     </td>
                     <td class="comments">
-                        @if (hasEdit)
+                        @if (fa.Item2.permission.CanEdit())
                         {
                             <div class="editable"><i class="fa fa-fw fa-edit" title="Edit Comments"></i></div>
                         }
@@ -77,6 +70,7 @@
         <div id="User_Show_Flags_Actions_Remove_Dialog" class="dialog" title="Remove this flag from the user?">
             @using (Html.BeginForm(MVC.API.UserFlagAssignment.RemoveUser()))
             {
+                @Html.AntiForgeryToken()
                 <input id="User_Show_Flags_Actions_Remove_Dialog_Id" type="hidden" name="id" value="" />
                 <p>
                     <i class="fa fa-exclamation-triangle fa-lg"></i>&nbsp;Are you sure?
@@ -86,6 +80,7 @@
         <div id="User_Show_Flags_Actions_EditComments_Dialog" class="dialog" title="Edit the Comments">
             @using (Html.BeginForm(MVC.API.UserFlagAssignment.UpdateComments()))
             {
+                @Html.AntiForgeryToken()
                 <input id="User_Show_Flags_Actions_EditComments_Dialog_Id" type="hidden" name="id" value="" />
                 <input type="hidden" name="redirect" value="true" />
                 <h4>Comments:</h4>
diff --git a/Disco.Web/Views/User/UserParts/_Flags.generated.cs b/Disco.Web/Views/User/UserParts/_Flags.generated.cs
index b2aba03a..6cbc8f1d 100644
--- a/Disco.Web/Views/User/UserParts/_Flags.generated.cs
+++ b/Disco.Web/Views/User/UserParts/_Flags.generated.cs
@@ -52,15 +52,8 @@ namespace Disco.Web.Views.User.UserParts
             
             #line 3 "..\..\Views\User\UserParts\_Flags.cshtml"
   
-    Authorization.Require(Claims.User.ShowFlagAssignments);
-
-    var hasRemove = Authorization.Has(Claims.User.Actions.RemoveFlags);
-    var hasEdit = Authorization.Has(Claims.User.Actions.EditFlags);
-
-    var hasUserFlagShow = Authorization.Has(Claims.Config.UserFlag.Show);
-    var activeAssignmentCount = Model.User.UserFlagAssignments == null ? 0 : Model.User.UserFlagAssignments.Count(a => !a.RemovedDate.HasValue);
-
-    var flagAssignments = Model.User.UserFlagAssignments.Select(a => Tuple.Create(a, UserFlagService.GetUserFlag(a.UserFlagId))).ToList();
+    var flagAssignments = Model.User.UserFlagAssignments.Select(a => Tuple.Create(a, UserFlagService.GetUserFlag(a.UserFlagId))).Where(g => g.Item2.permission.CanShow()).ToList();
+    var activeAssignmentCount = flagAssignments.Count(a => !a.Item1.RemovedDate.HasValue);
 
             
             #line default
@@ -74,13 +67,13 @@ WriteLiteral(" class=\"UserPart\"");
 WriteLiteral(">\r\n");
 
             
-            #line 15 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 8 "..\..\Views\User\UserParts\_Flags.cshtml"
     
             
             #line default
             #line hidden
             
-            #line 15 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 8 "..\..\Views\User\UserParts\_Flags.cshtml"
      if (flagAssignments.Count > 0)
     {
 
@@ -110,13 +103,13 @@ WriteLiteral(" class=\"removed\"");
 WriteLiteral(">Removed</th>\r\n            </tr>\r\n");
 
             
-            #line 24 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 17 "..\..\Views\User\UserParts\_Flags.cshtml"
             
             
             #line default
             #line hidden
             
-            #line 24 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 17 "..\..\Views\User\UserParts\_Flags.cshtml"
              foreach (var fa in flagAssignments.OrderByDescending(a => a.Item1.AddedDate))
             {
 
@@ -128,7 +121,7 @@ WriteLiteral("                <tr");
 WriteLiteral(" data-userflagassignmentid=\"");
 
             
-            #line 26 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 19 "..\..\Views\User\UserParts\_Flags.cshtml"
                                           Write(fa.Item1.Id);
 
             
@@ -139,7 +132,7 @@ WriteLiteral("\"");
 WriteLiteral(" data-flagassignmentaddeddate=\"");
 
             
-            #line 26 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 19 "..\..\Views\User\UserParts\_Flags.cshtml"
                                                                                        Write(fa.Item1.AddedDate.ToString("s"));
 
             
@@ -147,14 +140,14 @@ WriteLiteral(" data-flagassignmentaddeddate=\"");
             #line hidden
 WriteLiteral("\"");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 1240), Tuple.Create("\"", 1303)
+WriteAttribute("class", Tuple.Create(" class=\"", 943), Tuple.Create("\"", 1006)
             
-            #line 26 "..\..\Views\User\UserParts\_Flags.cshtml"
-                                                        , Tuple.Create(Tuple.Create("", 1248), Tuple.Create<System.Object, System.Int32>(!fa.Item1.RemovedDate.HasValue ? "added" : "removed"
+            #line 19 "..\..\Views\User\UserParts\_Flags.cshtml"
+                                                         , Tuple.Create(Tuple.Create("", 951), Tuple.Create<System.Object, System.Int32>(!fa.Item1.RemovedDate.HasValue ? "added" : "removed"
             
             #line default
             #line hidden
-, 1248), false)
+, 951), false)
 );
 
 WriteLiteral(">\r\n                    <td");
@@ -163,54 +156,54 @@ WriteLiteral(" class=\"name\"");
 
 WriteLiteral(">\r\n                        <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 1372), Tuple.Create("\"", 1439)
-, Tuple.Create(Tuple.Create("", 1380), Tuple.Create("fa", 1380), true)
-, Tuple.Create(Tuple.Create(" ", 1382), Tuple.Create("fa-", 1383), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 1075), Tuple.Create("\"", 1152)
+, Tuple.Create(Tuple.Create("", 1083), Tuple.Create("fa", 1083), true)
+, Tuple.Create(Tuple.Create(" ", 1085), Tuple.Create("fa-", 1086), true)
             
-            #line 28 "..\..\Views\User\UserParts\_Flags.cshtml"
-, Tuple.Create(Tuple.Create("", 1386), Tuple.Create<System.Object, System.Int32>(fa.Item2.Icon
+            #line 21 "..\..\Views\User\UserParts\_Flags.cshtml"
+, Tuple.Create(Tuple.Create("", 1089), Tuple.Create<System.Object, System.Int32>(fa.Item2.flag.Icon
             
             #line default
             #line hidden
-, 1386), false)
-, Tuple.Create(Tuple.Create(" ", 1402), Tuple.Create("fa-fw", 1403), true)
-, Tuple.Create(Tuple.Create(" ", 1408), Tuple.Create("fa-lg", 1409), true)
-, Tuple.Create(Tuple.Create(" ", 1414), Tuple.Create("d-", 1415), true)
+, 1089), false)
+, Tuple.Create(Tuple.Create(" ", 1110), Tuple.Create("fa-fw", 1111), true)
+, Tuple.Create(Tuple.Create(" ", 1116), Tuple.Create("fa-lg", 1117), true)
+, Tuple.Create(Tuple.Create(" ", 1122), Tuple.Create("d-", 1123), true)
             
-            #line 28 "..\..\Views\User\UserParts\_Flags.cshtml"
-, Tuple.Create(Tuple.Create("", 1417), Tuple.Create<System.Object, System.Int32>(fa.Item2.IconColour
+            #line 21 "..\..\Views\User\UserParts\_Flags.cshtml"
+, Tuple.Create(Tuple.Create("", 1125), Tuple.Create<System.Object, System.Int32>(fa.Item2.flag.IconColour
             
             #line default
             #line hidden
-, 1417), false)
+, 1125), false)
 );
 
 WriteLiteral("></i>\r\n");
 
             
-            #line 29 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 22 "..\..\Views\User\UserParts\_Flags.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 29 "..\..\Views\User\UserParts\_Flags.cshtml"
-                         if (hasUserFlagShow)
+            #line 22 "..\..\Views\User\UserParts\_Flags.cshtml"
+                         if (Authorization.Has(Claims.Config.UserFlag.Show))
                         {
                             
             
             #line default
             #line hidden
             
-            #line 31 "..\..\Views\User\UserParts\_Flags.cshtml"
-                       Write(Html.ActionLink(fa.Item2.Name, MVC.Config.UserFlag.Index(fa.Item2.Id)));
+            #line 24 "..\..\Views\User\UserParts\_Flags.cshtml"
+                       Write(Html.ActionLink(fa.Item2.flag.Name, MVC.Config.UserFlag.Index(fa.Item2.flag.Id)));
 
             
             #line default
             #line hidden
             
-            #line 31 "..\..\Views\User\UserParts\_Flags.cshtml"
-                                                                                                   
+            #line 24 "..\..\Views\User\UserParts\_Flags.cshtml"
+                                                                                                             
                         }
                         else
                         {
@@ -219,15 +212,15 @@ WriteLiteral("></i>\r\n");
             #line default
             #line hidden
             
-            #line 35 "..\..\Views\User\UserParts\_Flags.cshtml"
-                       Write(fa.Item2.Name);
+            #line 28 "..\..\Views\User\UserParts\_Flags.cshtml"
+                       Write(fa.Item2.flag.Name);
 
             
             #line default
             #line hidden
             
-            #line 35 "..\..\Views\User\UserParts\_Flags.cshtml"
-                                          
+            #line 28 "..\..\Views\User\UserParts\_Flags.cshtml"
+                                               
                         }
 
             
@@ -242,7 +235,7 @@ WriteLiteral(">\r\n");
 WriteLiteral("                        ");
 
             
-            #line 39 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 32 "..\..\Views\User\UserParts\_Flags.cshtml"
                    Write(CommonHelpers.FriendlyDateAndUser(fa.Item1.AddedDate, fa.Item1.AddedUser));
 
             
@@ -251,13 +244,13 @@ WriteLiteral("                        ");
 WriteLiteral("\r\n");
 
             
-            #line 40 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 33 "..\..\Views\User\UserParts\_Flags.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 40 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 33 "..\..\Views\User\UserParts\_Flags.cshtml"
                          if (fa.Item1.OnAssignmentExpressionResult != null)
                         {
 
@@ -271,7 +264,7 @@ WriteLiteral(" class=\"expressionResult\"");
 WriteLiteral(">");
 
             
-            #line 42 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 35 "..\..\Views\User\UserParts\_Flags.cshtml"
                                                      Write(fa.Item1.OnAssignmentExpressionResult);
 
             
@@ -280,7 +273,7 @@ WriteLiteral(">");
 WriteLiteral("</div>\r\n");
 
             
-            #line 43 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 36 "..\..\Views\User\UserParts\_Flags.cshtml"
                         }
 
             
@@ -293,14 +286,14 @@ WriteLiteral(" class=\"comments\"");
 WriteLiteral(">\r\n");
 
             
-            #line 46 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 39 "..\..\Views\User\UserParts\_Flags.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 46 "..\..\Views\User\UserParts\_Flags.cshtml"
-                         if (hasEdit)
+            #line 39 "..\..\Views\User\UserParts\_Flags.cshtml"
+                         if (fa.Item2.permission.CanEdit())
                         {
 
             
@@ -319,7 +312,7 @@ WriteLiteral(" title=\"Edit Comments\"");
 WriteLiteral("></i></div>\r\n");
 
             
-            #line 49 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 42 "..\..\Views\User\UserParts\_Flags.cshtml"
                         }
 
             
@@ -328,7 +321,7 @@ WriteLiteral("></i></div>\r\n");
 WriteLiteral("                        ");
 
             
-            #line 50 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 43 "..\..\Views\User\UserParts\_Flags.cshtml"
                          if (fa.Item1.Comments == null)
                         {
 
@@ -342,7 +335,7 @@ WriteLiteral(" class=\"comments smallMessage\"");
 WriteLiteral(">[no comments]</div>\r\n");
 
             
-            #line 53 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 46 "..\..\Views\User\UserParts\_Flags.cshtml"
                         }
                         else
                         {
@@ -357,7 +350,7 @@ WriteLiteral(" class=\"comments\"");
 WriteLiteral(">");
 
             
-            #line 56 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 49 "..\..\Views\User\UserParts\_Flags.cshtml"
                                              Write(fa.Item1.Comments.ToHtmlComment());
 
             
@@ -372,7 +365,7 @@ WriteLiteral(" class=\"commentsRaw\"");
 WriteLiteral(">");
 
             
-            #line 57 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 50 "..\..\Views\User\UserParts\_Flags.cshtml"
                                                 Write(fa.Item1.Comments);
 
             
@@ -381,7 +374,7 @@ WriteLiteral(">");
 WriteLiteral("</div>\r\n");
 
             
-            #line 58 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 51 "..\..\Views\User\UserParts\_Flags.cshtml"
                         }
 
             
@@ -389,27 +382,27 @@ WriteLiteral("</div>\r\n");
             #line hidden
 WriteLiteral("                    </td>\r\n                    <td");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 2954), Tuple.Create("\"", 3017)
-, Tuple.Create(Tuple.Create("", 2962), Tuple.Create("removed", 2962), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 2735), Tuple.Create("\"", 2798)
+, Tuple.Create(Tuple.Create("", 2743), Tuple.Create("removed", 2743), true)
             
-            #line 60 "..\..\Views\User\UserParts\_Flags.cshtml"
-, Tuple.Create(Tuple.Create("", 2969), Tuple.Create<System.Object, System.Int32>(!fa.Item1.RemovedDate.HasValue ? " na" : null
+            #line 53 "..\..\Views\User\UserParts\_Flags.cshtml"
+, Tuple.Create(Tuple.Create("", 2750), Tuple.Create<System.Object, System.Int32>(!fa.Item1.RemovedDate.HasValue ? " na" : null
             
             #line default
             #line hidden
-, 2969), false)
+, 2750), false)
 );
 
 WriteLiteral(">\r\n");
 
             
-            #line 61 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 54 "..\..\Views\User\UserParts\_Flags.cshtml"
                         
             
             #line default
             #line hidden
             
-            #line 61 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 54 "..\..\Views\User\UserParts\_Flags.cshtml"
                          if (fa.Item1.RemovedDate.HasValue)
                         {
                             
@@ -417,14 +410,14 @@ WriteLiteral(">\r\n");
             #line default
             #line hidden
             
-            #line 63 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 56 "..\..\Views\User\UserParts\_Flags.cshtml"
                        Write(CommonHelpers.FriendlyDateAndUser(fa.Item1.RemovedDate.Value, fa.Item1.RemovedUser));
 
             
             #line default
             #line hidden
             
-            #line 63 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 56 "..\..\Views\User\UserParts\_Flags.cshtml"
                                                                                                                 
                             if (fa.Item1.OnUnassignmentExpressionResult != null)
                             {
@@ -439,7 +432,7 @@ WriteLiteral(" class=\"expressionResult\"");
 WriteLiteral(">");
 
             
-            #line 66 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 59 "..\..\Views\User\UserParts\_Flags.cshtml"
                                                          Write(fa.Item1.OnUnassignmentExpressionResult);
 
             
@@ -448,7 +441,7 @@ WriteLiteral(">");
 WriteLiteral("</div>\r\n");
 
             
-            #line 67 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 60 "..\..\Views\User\UserParts\_Flags.cshtml"
                             }
                         }
                         else if (fa.Item1.CanRemove())
@@ -466,7 +459,7 @@ WriteLiteral(" class=\"button small remove\"");
 WriteLiteral(">Remove</a>\r\n");
 
             
-            #line 72 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 65 "..\..\Views\User\UserParts\_Flags.cshtml"
                         }
 
             
@@ -475,7 +468,7 @@ WriteLiteral(">Remove</a>\r\n");
 WriteLiteral("                    </td>\r\n                </tr>\r\n");
 
             
-            #line 75 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 68 "..\..\Views\User\UserParts\_Flags.cshtml"
             }
 
             
@@ -494,15 +487,29 @@ WriteLiteral(" title=\"Remove this flag from the user?\"");
 WriteLiteral(">\r\n");
 
             
-            #line 78 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 71 "..\..\Views\User\UserParts\_Flags.cshtml"
             
             
             #line default
             #line hidden
             
-            #line 78 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 71 "..\..\Views\User\UserParts\_Flags.cshtml"
              using (Html.BeginForm(MVC.API.UserFlagAssignment.RemoveUser()))
             {
+                
+            
+            #line default
+            #line hidden
+            
+            #line 73 "..\..\Views\User\UserParts\_Flags.cshtml"
+           Write(Html.AntiForgeryToken());
+
+            
+            #line default
+            #line hidden
+            
+            #line 73 "..\..\Views\User\UserParts\_Flags.cshtml"
+                                        
 
             
             #line default
@@ -526,7 +533,7 @@ WriteLiteral(" class=\"fa fa-exclamation-triangle fa-lg\"");
 WriteLiteral("></i>&nbsp;Are you sure?\r\n                </p>\r\n");
 
             
-            #line 84 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 78 "..\..\Views\User\UserParts\_Flags.cshtml"
             }
 
             
@@ -545,15 +552,29 @@ WriteLiteral(" title=\"Edit the Comments\"");
 WriteLiteral(">\r\n");
 
             
-            #line 87 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 81 "..\..\Views\User\UserParts\_Flags.cshtml"
             
             
             #line default
             #line hidden
             
-            #line 87 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 81 "..\..\Views\User\UserParts\_Flags.cshtml"
              using (Html.BeginForm(MVC.API.UserFlagAssignment.UpdateComments()))
             {
+                
+            
+            #line default
+            #line hidden
+            
+            #line 83 "..\..\Views\User\UserParts\_Flags.cshtml"
+           Write(Html.AntiForgeryToken());
+
+            
+            #line default
+            #line hidden
+            
+            #line 83 "..\..\Views\User\UserParts\_Flags.cshtml"
+                                        
 
             
             #line default
@@ -593,7 +614,7 @@ WriteLiteral(" class=\"block\"");
 WriteLiteral("></textarea>\r\n                </p>\r\n");
 
             
-            #line 95 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 90 "..\..\Views\User\UserParts\_Flags.cshtml"
             }
 
             
@@ -651,7 +672,7 @@ WriteLiteral(">\r\n            $(function () {\r\n                var userFlags
 ";\r\n            });\r\n        </script>\r\n");
 
             
-            #line 174 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 169 "..\..\Views\User\UserParts\_Flags.cshtml"
     }
     else
     {
@@ -666,7 +687,7 @@ WriteLiteral(" class=\"none\"");
 WriteLiteral(">This user has no associated flags</div>\r\n");
 
             
-            #line 178 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 173 "..\..\Views\User\UserParts\_Flags.cshtml"
     }
 
             
@@ -676,7 +697,7 @@ WriteLiteral("    <script>\r\n        $(\'#UserDetailTabItems\').append(\'<li><a
 "b-Flags\">Flags [");
 
             
-            #line 180 "..\..\Views\User\UserParts\_Flags.cshtml"
+            #line 175 "..\..\Views\User\UserParts\_Flags.cshtml"
                                                                               Write(activeAssignmentCount);
 
             
diff --git a/Disco.Web/Views/User/UserParts/_Subject.cshtml b/Disco.Web/Views/User/UserParts/_Subject.cshtml
index f08833d3..0cbcd3db 100644
--- a/Disco.Web/Views/User/UserParts/_Subject.cshtml
+++ b/Disco.Web/Views/User/UserParts/_Subject.cshtml
@@ -236,12 +236,13 @@
                                 </script>
                             }
                         }
-                        @if (Model.User.CanAddUserFlags() && Model.AvailableUserFlags != null && Model.AvailableUserFlags.Count > 0)
+                        @if (Model.AvailableUserFlags != null && Model.AvailableUserFlags.Count > 0)
                         {
-                            @Html.ActionLinkSmallButton("Add Flag", MVC.API.UserFlagAssignment.AddUser(), "User_Show_Details_Actions_AddFlag_Button")
+                            <button id="User_Show_Details_Actions_AddFlag_Button" type="button" class="button small">Add Flag</button>
                             <div id="User_Show_Details_Actions_AddFlag_Dialog" class="dialog" title="Add User Flag">
                                 @using (Html.BeginForm(MVC.API.UserFlagAssignment.AddUser()))
                                 {
+                                    @Html.AntiForgeryToken()
                                     <input id="User_Show_Details_Actions_AddFlag_Dialog_Id" type="hidden" name="id" />
                                     <input id="User_Show_Details_Actions_AddFlag_Dialog_UserId" type="hidden" name="UserId" value="@Model.User.UserId" />
                                     <div class="flagPicker">
@@ -265,7 +266,6 @@
                                 $(function () {
                                     const button = $('#User_Show_Details_Actions_AddFlag_Button');
                                     let buttonDialog = null;
-                                    const buttonLink = button.attr('href');
 
                                     let flagPicker = null;
                                     let flagAddId = null;
@@ -285,7 +285,7 @@
                                         flagAddComments.focus().select();
                                     }
 
-                                    button.attr('href', '#').click(function (e) {
+                                    button.click(function (e) {
                                         e.preventDefault();
 
                                         if (!buttonDialog) {
@@ -302,10 +302,9 @@
                                                     },
                                                     "Add Flag": function () {
                                                         if (!!flagAddId.val()) {
-                                                            const $this = $(this);
-                                                            $this.dialog("disable");
-                                                            $this.dialog("option", "buttons", null);
-                                                            buttonDialog.find('form').submit();
+                                                            buttonDialog
+                                                                .dialog("option", "buttons", null)
+                                                                .find('form').submit();
                                                         } else {
                                                             alert('Select a User Flag');
                                                         }
@@ -437,20 +436,22 @@
                                                             <span class="User_Show_AssignedDevices_CurrentAssignment_Assigned">@CommonHelpers.FriendlyDate(assignment.AssignedDate)</span>
                                                         </td>
                                                     </tr>
-                                                    @if (Authorization.Has(Claims.Device.ShowFlagAssignments) &&
-                                                        assignment.Device.DeviceFlagAssignments.Any(a => a.RemovedDate.HasValue))
+                                                    @if (assignment.Device.DeviceFlagAssignments.CanShowAny())
                                                     {
                                                         <tr>
                                                             <td colspan="2">
                                                                 <div class="User_Show_Assigned_Devices_CurrentAssignment_Flags">
                                                                     @foreach (var flag in assignment.Device.DeviceFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, DeviceFlagService.GetDeviceFlag(f.DeviceFlagId))))
                                                                     {
-                                                                        <i class="flag fa fa-@(flag.Item2.Icon) fa-fw d-@(flag.Item2.IconColour)">
-                                                                            <span class="details">
-                                                                                <span class="name">@flag.Item2.Name</span>@if (flag.Item1.Comments != null)
-                                                                                {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId)</span>
-                                                                            </span>
-                                                                        </i>
+                                                                        if (flag.Item2.permission.CanShow())
+                                                                        {
+                                                                            <i class="flag fa fa-@(flag.Item2.flag.Icon) fa-fw d-@(flag.Item2.flag.IconColour)">
+                                                                                <span class="details">
+                                                                                    <span class="name">@flag.Item2.flag.Name</span>@if (flag.Item1.Comments != null)
+                                                                                    {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId)</span>
+                                                                                </span>
+                                                                            </i>
+                                                                        }
                                                                     }
                                                                     <script type="text/javascript">
                                                                         $(function () {
diff --git a/Disco.Web/Views/User/UserParts/_Subject.generated.cs b/Disco.Web/Views/User/UserParts/_Subject.generated.cs
index 7f5e6b45..346ace06 100644
--- a/Disco.Web/Views/User/UserParts/_Subject.generated.cs
+++ b/Disco.Web/Views/User/UserParts/_Subject.generated.cs
@@ -893,26 +893,22 @@ WriteLiteral("                        ");
 
             
             #line 239 "..\..\Views\User\UserParts\_Subject.cshtml"
-                         if (Model.User.CanAddUserFlags() && Model.AvailableUserFlags != null && Model.AvailableUserFlags.Count > 0)
+                         if (Model.AvailableUserFlags != null && Model.AvailableUserFlags.Count > 0)
                         {
-                            
-            
-            #line default
-            #line hidden
-            
-            #line 241 "..\..\Views\User\UserParts\_Subject.cshtml"
-                       Write(Html.ActionLinkSmallButton("Add Flag", MVC.API.UserFlagAssignment.AddUser(), "User_Show_Details_Actions_AddFlag_Button"));
 
             
             #line default
             #line hidden
-            
-            #line 241 "..\..\Views\User\UserParts\_Subject.cshtml"
-                                                                                                                                                     
+WriteLiteral("                            <button");
+
+WriteLiteral(" id=\"User_Show_Details_Actions_AddFlag_Button\"");
+
+WriteLiteral(" type=\"button\"");
+
+WriteLiteral(" class=\"button small\"");
+
+WriteLiteral(">Add Flag</button>\r\n");
 
-            
-            #line default
-            #line hidden
 WriteLiteral("                            <div");
 
 WriteLiteral(" id=\"User_Show_Details_Actions_AddFlag_Dialog\"");
@@ -933,6 +929,20 @@ WriteLiteral(">\r\n");
             #line 243 "..\..\Views\User\UserParts\_Subject.cshtml"
                                  using (Html.BeginForm(MVC.API.UserFlagAssignment.AddUser()))
                                 {
+                                    
+            
+            #line default
+            #line hidden
+            
+            #line 245 "..\..\Views\User\UserParts\_Subject.cshtml"
+                               Write(Html.AntiForgeryToken());
+
+            
+            #line default
+            #line hidden
+            
+            #line 245 "..\..\Views\User\UserParts\_Subject.cshtml"
+                                                            
 
             
             #line default
@@ -955,14 +965,14 @@ WriteLiteral(" type=\"hidden\"");
 
 WriteLiteral(" name=\"UserId\"");
 
-WriteAttribute("value", Tuple.Create(" value=\"", 16008), Tuple.Create("\"", 16034)
+WriteAttribute("value", Tuple.Create(" value=\"", 16023), Tuple.Create("\"", 16049)
             
-            #line 246 "..\..\Views\User\UserParts\_Subject.cshtml"
-                                                  , Tuple.Create(Tuple.Create("", 16016), Tuple.Create<System.Object, System.Int32>(Model.User.UserId
+            #line 247 "..\..\Views\User\UserParts\_Subject.cshtml"
+                                                  , Tuple.Create(Tuple.Create("", 16031), Tuple.Create<System.Object, System.Int32>(Model.User.UserId
             
             #line default
             #line hidden
-, 16016), false)
+, 16031), false)
 );
 
 WriteLiteral(" />\r\n");
@@ -984,13 +994,13 @@ WriteLiteral(" autocomplete=\"off\"");
 WriteLiteral(" />\r\n");
 
             
-            #line 249 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 250 "..\..\Views\User\UserParts\_Subject.cshtml"
                                         
             
             #line default
             #line hidden
             
-            #line 249 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 250 "..\..\Views\User\UserParts\_Subject.cshtml"
                                          foreach (var userFlag in Model.AvailableUserFlags.OrderBy(jq => jq.Name))
                                         {
 
@@ -1004,7 +1014,7 @@ WriteLiteral(" class=\"flag\"");
 WriteLiteral(" data-userflagid=\"");
 
             
-            #line 251 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 252 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                            Write(userFlag.Id);
 
             
@@ -1015,7 +1025,7 @@ WriteLiteral("\"");
 WriteLiteral(" data-userflagname=\"");
 
             
-            #line 251 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 252 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                                                              Write(userFlag.Name);
 
             
@@ -1025,32 +1035,32 @@ WriteLiteral("\"");
 
 WriteLiteral(">\r\n                                                <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 16599), Tuple.Create("\"", 16666)
-, Tuple.Create(Tuple.Create("", 16607), Tuple.Create("fa", 16607), true)
-, Tuple.Create(Tuple.Create(" ", 16609), Tuple.Create("fa-", 16610), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 16614), Tuple.Create("\"", 16681)
+, Tuple.Create(Tuple.Create("", 16622), Tuple.Create("fa", 16622), true)
+, Tuple.Create(Tuple.Create(" ", 16624), Tuple.Create("fa-", 16625), true)
             
-            #line 252 "..\..\Views\User\UserParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 16613), Tuple.Create<System.Object, System.Int32>(userFlag.Icon
+            #line 253 "..\..\Views\User\UserParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 16628), Tuple.Create<System.Object, System.Int32>(userFlag.Icon
             
             #line default
             #line hidden
-, 16613), false)
-, Tuple.Create(Tuple.Create(" ", 16629), Tuple.Create("fa-fw", 16630), true)
-, Tuple.Create(Tuple.Create(" ", 16635), Tuple.Create("fa-lg", 16636), true)
-, Tuple.Create(Tuple.Create(" ", 16641), Tuple.Create("d-", 16642), true)
+, 16628), false)
+, Tuple.Create(Tuple.Create(" ", 16644), Tuple.Create("fa-fw", 16645), true)
+, Tuple.Create(Tuple.Create(" ", 16650), Tuple.Create("fa-lg", 16651), true)
+, Tuple.Create(Tuple.Create(" ", 16656), Tuple.Create("d-", 16657), true)
             
-            #line 252 "..\..\Views\User\UserParts\_Subject.cshtml"
-               , Tuple.Create(Tuple.Create("", 16644), Tuple.Create<System.Object, System.Int32>(userFlag.IconColour
+            #line 253 "..\..\Views\User\UserParts\_Subject.cshtml"
+               , Tuple.Create(Tuple.Create("", 16659), Tuple.Create<System.Object, System.Int32>(userFlag.IconColour
             
             #line default
             #line hidden
-, 16644), false)
+, 16659), false)
 );
 
 WriteLiteral("></i>");
 
             
-            #line 252 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 253 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                                                                       Write(userFlag.Name);
 
             
@@ -1059,7 +1069,7 @@ WriteLiteral("></i>");
 WriteLiteral("\r\n                                            </div>\r\n");
 
             
-            #line 254 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 255 "..\..\Views\User\UserParts\_Subject.cshtml"
                                         }
 
             
@@ -1083,7 +1093,7 @@ WriteLiteral("></textarea>\r\n                                        </div>\r\n
 "                 </div>\r\n");
 
             
-            #line 262 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 263 "..\..\Views\User\UserParts\_Subject.cshtml"
                                 }
 
             
@@ -1097,72 +1107,69 @@ WriteLiteral(" type=\"text/javascript\"");
 
 WriteLiteral(">\r\n                                $(function () {\r\n                             " +
 "       const button = $(\'#User_Show_Details_Actions_AddFlag_Button\');\r\n         " +
-"                           let buttonDialog = null;\r\n                           " +
-"         const buttonLink = button.attr(\'href\');\r\n\r\n                            " +
-"        let flagPicker = null;\r\n                                    let flagAddI" +
-"d = null;\r\n                                    let flagAddComments = null;\r\n    " +
-"                                let details = null;\r\n\r\n                         " +
-"           function flagSelected() {\r\n                                        co" +
-"nst flag = $(this);\r\n\r\n                                        flagPicker.childr" +
-"en().removeClass(\'selected\');\r\n                                        flag.addC" +
-"lass(\'selected\');\r\n\r\n                                        flagAddId.val(flag." +
-"attr(\'data-userflagid\'));\r\n\r\n                                        details.sho" +
-"w();\r\n\r\n                                        flagAddComments.focus().select()" +
-";\r\n                                    }\r\n\r\n                                    " +
-"button.attr(\'href\', \'#\').click(function (e) {\r\n                                 " +
-"       e.preventDefault();\r\n\r\n                                        if (!butto" +
-"nDialog) {\r\n                                            buttonDialog = $(\'#User_" +
-"Show_Details_Actions_AddFlag_Dialog\');\r\n                                        " +
-"    buttonDialog.dialog({\r\n                                                width" +
-": 600,\r\n                                                height: 410,\r\n          " +
-"                                      resizable: false,\r\n                       " +
-"                         modal: true,\r\n                                         " +
-"       autoOpen: false,\r\n                                                buttons" +
-": {\r\n                                                    Cancel: function () {\r\n" +
-"                                                        $(this).dialog(\"close\");" +
-"\r\n                                                    },\r\n                      " +
-"                              \"Add Flag\": function () {\r\n                       " +
-"                                 if (!!flagAddId.val()) {\r\n                     " +
-"                                       const $this = $(this);\r\n                 " +
-"                                           $this.dialog(\"disable\");\r\n           " +
-"                                                 $this.dialog(\"option\", \"buttons" +
-"\", null);\r\n                                                            buttonDia" +
-"log.find(\'form\').submit();\r\n                                                    " +
-"    } else {\r\n                                                            alert(" +
-"\'Select a User Flag\');\r\n                                                        " +
-"}\r\n                                                    }\r\n                      " +
-"                          }\r\n                                            });\r\n\r\n" +
-"                                            flagAddId = $(\'#User_Show_Details_Ac" +
-"tions_AddFlag_Dialog_Id\');\r\n                                            flagAddC" +
-"omments = buttonDialog.find(\'#User_Show_Details_Actions_AddFlag_Dialog_Comments\'" +
-");\r\n                                            flagPicker = buttonDialog.find(\'" +
-".flagPicker\');\r\n                                            details = buttonDial" +
-"og.find(\'.details\');\r\n\r\n                                            $(\'#User_Sho" +
-"w_Details_Actions_AddFlag_Dialog_Filter\').on(\'keyup\', function (e) {\r\n          " +
-"                                      const filter = $(e.currentTarget).val().to" +
-"LowerCase();\r\n                                                if (filter) {\r\n   " +
-"                                                 flagPicker.children(\'div.flag\')" +
-".each(function () {\r\n                                                        con" +
-"st $this = $(this);\r\n                                                        if " +
-"($this.attr(\'data-userflagname\').toLowerCase().indexOf(filter) >= 0) {\r\n        " +
-"                                                    $this.css(\'display\', \'block\'" +
-");\r\n                                                        } else {\r\n          " +
-"                                                  $this.css(\'display\', \'none\');\r" +
-"\n                                                        }\r\n                    " +
-"                                });\r\n                                           " +
-"     } else {\r\n                                                    flagPicker.ch" +
-"ildren(\'div.flag\').each(function () { $(this).css(\'display\', \'block\'); });\r\n    " +
-"                                            }\r\n                                 " +
-"           });\r\n\r\n                                            flagPicker.on(\'cli" +
-"ck\', \'div.flag\', flagSelected);\r\n                                        }\r\n\r\n  " +
-"                                      $(\'#User_Show_Details_Actions_AddFlag_Dial" +
-"og_Filter\').val(\'\');\r\n                                        buttonDialog.dialo" +
-"g(\'open\');\r\n                                        return false;\r\n             " +
-"                       });\r\n                                });\r\n               " +
-"             </script>\r\n");
+"                           let buttonDialog = null;\r\n\r\n                         " +
+"           let flagPicker = null;\r\n                                    let flagA" +
+"ddId = null;\r\n                                    let flagAddComments = null;\r\n " +
+"                                   let details = null;\r\n\r\n                      " +
+"              function flagSelected() {\r\n                                       " +
+" const flag = $(this);\r\n\r\n                                        flagPicker.chi" +
+"ldren().removeClass(\'selected\');\r\n                                        flag.a" +
+"ddClass(\'selected\');\r\n\r\n                                        flagAddId.val(fl" +
+"ag.attr(\'data-userflagid\'));\r\n\r\n                                        details." +
+"show();\r\n\r\n                                        flagAddComments.focus().selec" +
+"t();\r\n                                    }\r\n\r\n                                 " +
+"   button.click(function (e) {\r\n                                        e.preven" +
+"tDefault();\r\n\r\n                                        if (!buttonDialog) {\r\n   " +
+"                                         buttonDialog = $(\'#User_Show_Details_Ac" +
+"tions_AddFlag_Dialog\');\r\n                                            buttonDialo" +
+"g.dialog({\r\n                                                width: 600,\r\n       " +
+"                                         height: 410,\r\n                         " +
+"                       resizable: false,\r\n                                      " +
+"          modal: true,\r\n                                                autoOpen" +
+": false,\r\n                                                buttons: {\r\n          " +
+"                                          Cancel: function () {\r\n               " +
+"                                         $(this).dialog(\"close\");\r\n             " +
+"                                       },\r\n                                     " +
+"               \"Add Flag\": function () {\r\n                                      " +
+"                  if (!!flagAddId.val()) {\r\n                                    " +
+"                        buttonDialog\r\n                                          " +
+"                      .dialog(\"option\", \"buttons\", null)\r\n                      " +
+"                                          .find(\'form\').submit();\r\n             " +
+"                                           } else {\r\n                           " +
+"                                 alert(\'Select a User Flag\');\r\n                 " +
+"                                       }\r\n                                      " +
+"              }\r\n                                                }\r\n            " +
+"                                });\r\n\r\n                                         " +
+"   flagAddId = $(\'#User_Show_Details_Actions_AddFlag_Dialog_Id\');\r\n             " +
+"                               flagAddComments = buttonDialog.find(\'#User_Show_D" +
+"etails_Actions_AddFlag_Dialog_Comments\');\r\n                                     " +
+"       flagPicker = buttonDialog.find(\'.flagPicker\');\r\n                         " +
+"                   details = buttonDialog.find(\'.details\');\r\n\r\n                 " +
+"                           $(\'#User_Show_Details_Actions_AddFlag_Dialog_Filter\')" +
+".on(\'keyup\', function (e) {\r\n                                                con" +
+"st filter = $(e.currentTarget).val().toLowerCase();\r\n                           " +
+"                     if (filter) {\r\n                                            " +
+"        flagPicker.children(\'div.flag\').each(function () {\r\n                    " +
+"                                    const $this = $(this);\r\n                    " +
+"                                    if ($this.attr(\'data-userflagname\').toLowerC" +
+"ase().indexOf(filter) >= 0) {\r\n                                                 " +
+"           $this.css(\'display\', \'block\');\r\n                                     " +
+"                   } else {\r\n                                                   " +
+"         $this.css(\'display\', \'none\');\r\n                                        " +
+"                }\r\n                                                    });\r\n    " +
+"                                            } else {\r\n                          " +
+"                          flagPicker.children(\'div.flag\').each(function () { $(t" +
+"his).css(\'display\', \'block\'); });\r\n                                             " +
+"   }\r\n                                            });\r\n\r\n                       " +
+"                     flagPicker.on(\'click\', \'div.flag\', flagSelected);\r\n        " +
+"                                }\r\n\r\n                                        $(\'" +
+"#User_Show_Details_Actions_AddFlag_Dialog_Filter\').val(\'\');\r\n                   " +
+"                     buttonDialog.dialog(\'open\');\r\n                             " +
+"           return false;\r\n                                    });\r\n             " +
+"                   });\r\n                            </script>\r\n");
 
             
-            #line 346 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 345 "..\..\Views\User\UserParts\_Subject.cshtml"
                         }
 
             
@@ -1171,13 +1178,13 @@ WriteLiteral(">\r\n                                $(function () {\r\n
 WriteLiteral("                    </div>\r\n                </div>\r\n            </td>\r\n");
 
             
-            #line 350 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 349 "..\..\Views\User\UserParts\_Subject.cshtml"
             
             
             #line default
             #line hidden
             
-            #line 350 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 349 "..\..\Views\User\UserParts\_Subject.cshtml"
              if (Authorization.Has(Claims.User.ShowAssignments))
             {
 
@@ -1195,13 +1202,13 @@ WriteLiteral(" id=\"User_Show_AssignedDevices_Active\"");
 WriteLiteral(">\r\n                            <h3>Current Device Assignments</h3>\r\n");
 
             
-            #line 356 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 355 "..\..\Views\User\UserParts\_Subject.cshtml"
                             
             
             #line default
             #line hidden
             
-            #line 356 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 355 "..\..\Views\User\UserParts\_Subject.cshtml"
                              if (currentDeviceAssignments.Count > 0)
                             {
                                 foreach (var assignment in currentDeviceAssignments)
@@ -1217,7 +1224,7 @@ WriteLiteral(" class=\"User_Show_AssignedDevices_CurrentAssignment clearfix\"");
 WriteLiteral(" data-deviceserialnumber=\"");
 
             
-            #line 360 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 359 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                                                                           Write(assignment.DeviceSerialNumber);
 
             
@@ -1228,13 +1235,13 @@ WriteLiteral("\"");
 WriteLiteral(">\r\n");
 
             
-            #line 361 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 360 "..\..\Views\User\UserParts\_Subject.cshtml"
                                         
             
             #line default
             #line hidden
             
-            #line 361 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 360 "..\..\Views\User\UserParts\_Subject.cshtml"
                                          if (Authorization.Has(Claims.Device.Show))
                                         {
 
@@ -1243,14 +1250,14 @@ WriteLiteral(">\r\n");
             #line hidden
 WriteLiteral("                                            <a");
 
-WriteAttribute("href", Tuple.Create(" href=\"", 23450), Tuple.Create("\"", 23517)
+WriteAttribute("href", Tuple.Create(" href=\"", 23264), Tuple.Create("\"", 23331)
             
-            #line 363 "..\..\Views\User\UserParts\_Subject.cshtml"
-, Tuple.Create(Tuple.Create("", 23457), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.Device.Show(assignment.Device.SerialNumber))
+            #line 362 "..\..\Views\User\UserParts\_Subject.cshtml"
+, Tuple.Create(Tuple.Create("", 23271), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.Device.Show(assignment.Device.SerialNumber))
             
             #line default
             #line hidden
-, 23457), false)
+, 23271), false)
 );
 
 WriteLiteral(">\r\n                                                <img");
@@ -1259,20 +1266,20 @@ WriteLiteral(" class=\"User_Show_AssignedDevices_CurrentAssignment_Image\"");
 
 WriteLiteral(" alt=\"Model Image\"");
 
-WriteAttribute("src", Tuple.Create(" src=\"", 23649), Tuple.Create("\"", 23770)
+WriteAttribute("src", Tuple.Create(" src=\"", 23463), Tuple.Create("\"", 23584)
             
-            #line 364 "..\..\Views\User\UserParts\_Subject.cshtml"
-                                                     , Tuple.Create(Tuple.Create("", 23655), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.DeviceModel.Image(assignment.Device.DeviceModel.Id, assignment.Device.DeviceModel.ImageHash()))
+            #line 363 "..\..\Views\User\UserParts\_Subject.cshtml"
+                                                     , Tuple.Create(Tuple.Create("", 23469), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.DeviceModel.Image(assignment.Device.DeviceModel.Id, assignment.Device.DeviceModel.ImageHash()))
             
             #line default
             #line hidden
-, 23655), false)
+, 23469), false)
 );
 
 WriteLiteral(" />\r\n                                            </a>\r\n");
 
             
-            #line 366 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 365 "..\..\Views\User\UserParts\_Subject.cshtml"
                                         }
                                         else
                                         {
@@ -1286,20 +1293,20 @@ WriteLiteral(" class=\"User_Show_AssignedDevices_CurrentAssignment_Image\"");
 
 WriteLiteral(" alt=\"Model Image\"");
 
-WriteAttribute("src", Tuple.Create(" src=\"", 24082), Tuple.Create("\"", 24203)
+WriteAttribute("src", Tuple.Create(" src=\"", 23896), Tuple.Create("\"", 24017)
             
-            #line 369 "..\..\Views\User\UserParts\_Subject.cshtml"
-                                                 , Tuple.Create(Tuple.Create("", 24088), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.DeviceModel.Image(assignment.Device.DeviceModel.Id, assignment.Device.DeviceModel.ImageHash()))
+            #line 368 "..\..\Views\User\UserParts\_Subject.cshtml"
+                                                 , Tuple.Create(Tuple.Create("", 23902), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.DeviceModel.Image(assignment.Device.DeviceModel.Id, assignment.Device.DeviceModel.ImageHash()))
             
             #line default
             #line hidden
-, 24088), false)
+, 23902), false)
 );
 
 WriteLiteral(" />\r\n");
 
             
-            #line 370 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 369 "..\..\Views\User\UserParts\_Subject.cshtml"
                                         }
 
             
@@ -1327,13 +1334,13 @@ WriteLiteral(" class=\"User_Show_AssignedDevices_CurrentAssignment_SerialNumber\
 WriteLiteral(" data-clipboard>\r\n");
 
             
-            #line 380 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 379 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                 
             
             #line default
             #line hidden
             
-            #line 380 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 379 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                  if (Authorization.Has(Claims.Device.Show))
                                                                 {
                                                                     
@@ -1341,14 +1348,14 @@ WriteLiteral(" data-clipboard>\r\n");
             #line default
             #line hidden
             
-            #line 382 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 381 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                Write(Html.ActionLink(assignment.Device.SerialNumber, MVC.Device.Show(assignment.Device.SerialNumber)));
 
             
             #line default
             #line hidden
             
-            #line 382 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 381 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                                                                                                                      
                                                                 }
                                                                 else
@@ -1358,14 +1365,14 @@ WriteLiteral(" data-clipboard>\r\n");
             #line default
             #line hidden
             
-            #line 386 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 385 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                Write(assignment.Device.SerialNumber);
 
             
             #line default
             #line hidden
             
-            #line 386 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 385 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                                                    
                                                                 }
 
@@ -1375,13 +1382,13 @@ WriteLiteral(" data-clipboard>\r\n");
 WriteLiteral("                                                            </span>\r\n");
 
             
-            #line 389 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 388 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                             
             
             #line default
             #line hidden
             
-            #line 389 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 388 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                              if (!string.IsNullOrWhiteSpace(assignment.Device.ComputerName))
                                                             {
 
@@ -1397,7 +1404,7 @@ WriteLiteral(" class=\"User_Show_AssignedDevices_CurrentAssignment_ComputerName\
 WriteLiteral(" data-clipboard>");
 
             
-            #line 391 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 390 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                                                                                                         Write(assignment.Device.ComputerName);
 
             
@@ -1408,7 +1415,7 @@ WriteLiteral("</span>)");
 WriteLiteral("\r\n");
 
             
-            #line 392 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 391 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                             }
 
             
@@ -1418,13 +1425,13 @@ WriteLiteral("                                                        </td>\r\n
 "                                  </tr>\r\n");
 
             
-            #line 395 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 394 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                     
             
             #line default
             #line hidden
             
-            #line 395 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 394 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                      if (!string.IsNullOrEmpty(assignment.Device.AssetNumber))
                                                     {
 
@@ -1441,7 +1448,7 @@ WriteLiteral(" class=\"User_Show_AssignedDevices_CurrentAssignment_Asset\"");
 WriteLiteral(" data-clipboard>");
 
             
-            #line 400 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 399 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                                                                                           Write(assignment.Device.AssetNumber);
 
             
@@ -1451,7 +1458,7 @@ WriteLiteral("</span>\r\n
 "                                                   </tr>\r\n");
 
             
-            #line 403 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 402 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                     }
 
             
@@ -1460,7 +1467,7 @@ WriteLiteral("</span>\r\n
 WriteLiteral("                                                    ");
 
             
-            #line 404 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 403 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                      if (assignment.Device.DeviceModelId.HasValue)
                                                     {
 
@@ -1479,7 +1486,7 @@ WriteLiteral(" class=\"User_Show_AssignedDevices_CurrentAssignment_Model\"");
 WriteLiteral(">");
 
             
-            #line 411 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 410 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                                                                            Write(assignment.Device.DeviceModel.ToString());
 
             
@@ -1489,7 +1496,7 @@ WriteLiteral("</span>\r\n
 "                                                   </tr>\r\n");
 
             
-            #line 414 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 413 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                     }
 
             
@@ -1507,7 +1514,7 @@ WriteLiteral(" class=\"User_Show_AssignedDevices_CurrentAssignment_Profile\"");
 WriteLiteral(">");
 
             
-            #line 420 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 419 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                                                                          Write(assignment.Device.DeviceProfile.ToString());
 
             
@@ -1517,13 +1524,13 @@ WriteLiteral("</span>\r\n
 "                                           </tr>\r\n");
 
             
-            #line 423 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 422 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                     
             
             #line default
             #line hidden
             
-            #line 423 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 422 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                      if (assignment.Device.DeviceBatchId.HasValue)
                                                     {
 
@@ -1542,7 +1549,7 @@ WriteLiteral(" class=\"User_Show_AssignedDevices_CurrentAssignment_Batch\"");
 WriteLiteral(">");
 
             
-            #line 430 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 429 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                                                                            Write(assignment.Device.DeviceBatch.ToString());
 
             
@@ -1552,7 +1559,7 @@ WriteLiteral("</span>\r\n
 "                                                   </tr>\r\n");
 
             
-            #line 433 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 432 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                     }
 
             
@@ -1568,7 +1575,7 @@ WriteLiteral(" class=\"User_Show_AssignedDevices_CurrentAssignment_Assigned\"");
 WriteLiteral(">");
 
             
-            #line 437 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 436 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                                                                           Write(CommonHelpers.FriendlyDate(assignment.AssignedDate));
 
             
@@ -1578,15 +1585,14 @@ WriteLiteral("</span>\r\n
 "                                           </tr>\r\n");
 
             
-            #line 440 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 439 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                     
             
             #line default
             #line hidden
             
-            #line 440 "..\..\Views\User\UserParts\_Subject.cshtml"
-                                                     if (Authorization.Has(Claims.Device.ShowFlagAssignments) &&
-                                                        assignment.Device.DeviceFlagAssignments.Any(a => a.RemovedDate.HasValue))
+            #line 439 "..\..\Views\User\UserParts\_Subject.cshtml"
+                                                     if (assignment.Device.DeviceFlagAssignments.CanShowAny())
                                                     {
 
             
@@ -1604,50 +1610,52 @@ WriteLiteral(" class=\"User_Show_Assigned_Devices_CurrentAssignment_Flags\"");
 WriteLiteral(">\r\n");
 
             
-            #line 446 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 444 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                     
             
             #line default
             #line hidden
             
-            #line 446 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 444 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                                      foreach (var flag in assignment.Device.DeviceFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, DeviceFlagService.GetDeviceFlag(f.DeviceFlagId))))
                                                                     {
+                                                                        if (flag.Item2.permission.CanShow())
+                                                                        {
 
             
             #line default
             #line hidden
-WriteLiteral("                                                                        <i");
+WriteLiteral("                                                                            <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 30837), Tuple.Create("\"", 30907)
-, Tuple.Create(Tuple.Create("", 30845), Tuple.Create("flag", 30845), true)
-, Tuple.Create(Tuple.Create(" ", 30849), Tuple.Create("fa", 30850), true)
-, Tuple.Create(Tuple.Create(" ", 30852), Tuple.Create("fa-", 30853), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 30707), Tuple.Create("\"", 30787)
+, Tuple.Create(Tuple.Create("", 30715), Tuple.Create("flag", 30715), true)
+, Tuple.Create(Tuple.Create(" ", 30719), Tuple.Create("fa", 30720), true)
+, Tuple.Create(Tuple.Create(" ", 30722), Tuple.Create("fa-", 30723), true)
             
             #line 448 "..\..\Views\User\UserParts\_Subject.cshtml"
-             , Tuple.Create(Tuple.Create("", 30856), Tuple.Create<System.Object, System.Int32>(flag.Item2.Icon
+                 , Tuple.Create(Tuple.Create("", 30726), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.Icon
             
             #line default
             #line hidden
-, 30856), false)
-, Tuple.Create(Tuple.Create(" ", 30874), Tuple.Create("fa-fw", 30875), true)
-, Tuple.Create(Tuple.Create(" ", 30880), Tuple.Create("d-", 30881), true)
+, 30726), false)
+, Tuple.Create(Tuple.Create(" ", 30749), Tuple.Create("fa-fw", 30750), true)
+, Tuple.Create(Tuple.Create(" ", 30755), Tuple.Create("d-", 30756), true)
             
             #line 448 "..\..\Views\User\UserParts\_Subject.cshtml"
-                                        , Tuple.Create(Tuple.Create("", 30883), Tuple.Create<System.Object, System.Int32>(flag.Item2.IconColour
+                                                 , Tuple.Create(Tuple.Create("", 30758), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.IconColour
             
             #line default
             #line hidden
-, 30883), false)
+, 30758), false)
 );
 
-WriteLiteral(">\r\n                                                                            <s" +
-"pan");
+WriteLiteral(">\r\n                                                                              " +
+"  <span");
 
 WriteLiteral(" class=\"details\"");
 
 WriteLiteral(">\r\n                                                                              " +
-"  <span");
+"      <span");
 
 WriteLiteral(" class=\"name\"");
 
@@ -1655,7 +1663,7 @@ WriteLiteral(">");
 
             
             #line 450 "..\..\Views\User\UserParts\_Subject.cshtml"
-                                                                                              Write(flag.Item2.Name);
+                                                                                                  Write(flag.Item2.flag.Name);
 
             
             #line default
@@ -1664,8 +1672,8 @@ WriteLiteral("</span>");
 
             
             #line 450 "..\..\Views\User\UserParts\_Subject.cshtml"
-                                                                                                                           if (flag.Item1.Comments != null)
-                                                                                {
+                                                                                                                                    if (flag.Item1.Comments != null)
+                                                                                    {
             
             #line default
             #line hidden
@@ -1677,7 +1685,7 @@ WriteLiteral(">");
 
             
             #line 451 "..\..\Views\User\UserParts\_Subject.cshtml"
-                                                                                                   Write(flag.Item1.Comments.ToHtmlComment());
+                                                                                                       Write(flag.Item1.Comments.ToHtmlComment());
 
             
             #line default
@@ -1686,7 +1694,7 @@ WriteLiteral("</span>");
 
             
             #line 451 "..\..\Views\User\UserParts\_Subject.cshtml"
-                                                                                                                                                   }
+                                                                                                                                                       }
             
             #line default
             #line hidden
@@ -1698,17 +1706,18 @@ WriteLiteral(">");
 
             
             #line 451 "..\..\Views\User\UserParts\_Subject.cshtml"
-                                                                                                                                                                   Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId));
+                                                                                                                                                                       Write(CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId));
 
             
             #line default
             #line hidden
 WriteLiteral("</span>\r\n                                                                        " +
-"    </span>\r\n                                                                   " +
-"     </i>\r\n");
+"        </span>\r\n                                                               " +
+"             </i>\r\n");
 
             
             #line 454 "..\..\Views\User\UserParts\_Subject.cshtml"
+                                                                        }
                                                                     }
 
             
@@ -1761,7 +1770,7 @@ WriteLiteral(">\r\n
 "           </tr>\r\n");
 
             
-            #line 488 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 489 "..\..\Views\User\UserParts\_Subject.cshtml"
                                                     }
 
             
@@ -1772,7 +1781,7 @@ WriteLiteral("                                                </tbody>\r\n
 "                                   </div>\r\n");
 
             
-            #line 493 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 494 "..\..\Views\User\UserParts\_Subject.cshtml"
                                 }
                             }
                             else
@@ -1788,7 +1797,7 @@ WriteLiteral(" class=\"smallMessage\"");
 WriteLiteral(">No Current Device Assignments</span>\r\n");
 
             
-            #line 498 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 499 "..\..\Views\User\UserParts\_Subject.cshtml"
                             }
 
             
@@ -1798,7 +1807,7 @@ WriteLiteral("                        </div>\r\n                    </div>\r\n
 "\r\n");
 
             
-            #line 502 "..\..\Views\User\UserParts\_Subject.cshtml"
+            #line 503 "..\..\Views\User\UserParts\_Subject.cshtml"
             }
 
             
diff --git a/Disco.Web/Views/User/_UserTable.cshtml b/Disco.Web/Views/User/_UserTable.cshtml
index 500d8186..b59925b7 100644
--- a/Disco.Web/Views/User/_UserTable.cshtml
+++ b/Disco.Web/Views/User/_UserTable.cshtml
@@ -42,22 +42,22 @@
                             {
                                 @item.FriendlyId
                             }
-                            @if (Authorization.Has(Claims.User.ShowFlagAssignments))
+                            @if (item.UserFlagAssignments.CanShowAny())
                             {
-                                @if (item.UserFlagAssignments != null && item.UserFlagAssignments.Count > 0)
-                                {
-                                    <div class="flags">
-                                        @foreach (var flag in item.UserFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, UserFlagService.GetUserFlag(f.UserFlagId))))
+                                <div class="flags">
+                                    @foreach (var flag in item.UserFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, UserFlagService.GetUserFlag(f.UserFlagId))))
+                                    {
+                                        if (flag.Item2.permission.CanShow())
                                         {
-                                            <i class="flag fa fa-@(flag.Item2.Icon) fa-fw d-@(flag.Item2.IconColour)">
+                                            <i class="flag fa fa-@(flag.Item2.flag.Icon) fa-fw d-@(flag.Item2.flag.IconColour)">
                                                 <span class="details">
-                                                    <span class="name">@flag.Item2.Name</span>@if (flag.Item1.Comments != null)
+                                                    <span class="name">@flag.Item2.flag.Name</span>@if (flag.Item1.Comments != null)
                                                     {<span class="comments">@flag.Item1.Comments.ToHtmlComment()</span>}<span class="added">@CommonHelpers.FriendlyDateAndUser(flag.Item1.AddedDate, flag.Item1.AddedUserId)</span>
                                                 </span>
                                             </i>
                                         }
-                                    </div>
-                                }
+                                    }
+                                </div>
                             }
                         </td>
                         <td>
diff --git a/Disco.Web/Views/User/_UserTable.generated.cs b/Disco.Web/Views/User/_UserTable.generated.cs
index 4deb8cd3..6c07dcb4 100644
--- a/Disco.Web/Views/User/_UserTable.generated.cs
+++ b/Disco.Web/Views/User/_UserTable.generated.cs
@@ -173,35 +173,29 @@ WriteLiteral("                            ");
 
             
             #line 45 "..\..\Views\User\_UserTable.cshtml"
-                             if (Authorization.Has(Claims.User.ShowFlagAssignments))
+                             if (item.UserFlagAssignments.CanShowAny())
                             {
-                                
-            
-            #line default
-            #line hidden
-            
-            #line 47 "..\..\Views\User\_UserTable.cshtml"
-                                 if (item.UserFlagAssignments != null && item.UserFlagAssignments.Count > 0)
-                                {
 
             
             #line default
             #line hidden
-WriteLiteral("                                    <div");
+WriteLiteral("                                <div");
 
 WriteLiteral(" class=\"flags\"");
 
 WriteLiteral(">\r\n");
 
             
-            #line 50 "..\..\Views\User\_UserTable.cshtml"
-                                        
+            #line 48 "..\..\Views\User\_UserTable.cshtml"
+                                    
             
             #line default
             #line hidden
             
-            #line 50 "..\..\Views\User\_UserTable.cshtml"
-                                         foreach (var flag in item.UserFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, UserFlagService.GetUserFlag(f.UserFlagId))))
+            #line 48 "..\..\Views\User\_UserTable.cshtml"
+                                     foreach (var flag in item.UserFlagAssignments.Where(f => !f.RemovedDate.HasValue).Select(f => Tuple.Create(f, UserFlagService.GetUserFlag(f.UserFlagId))))
+                                    {
+                                        if (flag.Item2.permission.CanShow())
                                         {
 
             
@@ -209,26 +203,26 @@ WriteLiteral(">\r\n");
             #line hidden
 WriteLiteral("                                            <i");
 
-WriteAttribute("class", Tuple.Create(" class=\"", 2064), Tuple.Create("\"", 2134)
-, Tuple.Create(Tuple.Create("", 2072), Tuple.Create("flag", 2072), true)
-, Tuple.Create(Tuple.Create(" ", 2076), Tuple.Create("fa", 2077), true)
-, Tuple.Create(Tuple.Create(" ", 2079), Tuple.Create("fa-", 2080), true)
+WriteAttribute("class", Tuple.Create(" class=\"", 2015), Tuple.Create("\"", 2095)
+, Tuple.Create(Tuple.Create("", 2023), Tuple.Create("flag", 2023), true)
+, Tuple.Create(Tuple.Create(" ", 2027), Tuple.Create("fa", 2028), true)
+, Tuple.Create(Tuple.Create(" ", 2030), Tuple.Create("fa-", 2031), true)
             
             #line 52 "..\..\Views\User\_UserTable.cshtml"
-, Tuple.Create(Tuple.Create("", 2083), Tuple.Create<System.Object, System.Int32>(flag.Item2.Icon
+, Tuple.Create(Tuple.Create("", 2034), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.Icon
             
             #line default
             #line hidden
-, 2083), false)
-, Tuple.Create(Tuple.Create(" ", 2101), Tuple.Create("fa-fw", 2102), true)
-, Tuple.Create(Tuple.Create(" ", 2107), Tuple.Create("d-", 2108), true)
+, 2034), false)
+, Tuple.Create(Tuple.Create(" ", 2057), Tuple.Create("fa-fw", 2058), true)
+, Tuple.Create(Tuple.Create(" ", 2063), Tuple.Create("d-", 2064), true)
             
             #line 52 "..\..\Views\User\_UserTable.cshtml"
-             , Tuple.Create(Tuple.Create("", 2110), Tuple.Create<System.Object, System.Int32>(flag.Item2.IconColour
+                  , Tuple.Create(Tuple.Create("", 2066), Tuple.Create<System.Object, System.Int32>(flag.Item2.flag.IconColour
             
             #line default
             #line hidden
-, 2110), false)
+, 2066), false)
 );
 
 WriteLiteral(">\r\n                                                <span");
@@ -243,7 +237,7 @@ WriteLiteral(">");
 
             
             #line 54 "..\..\Views\User\_UserTable.cshtml"
-                                                                  Write(flag.Item2.Name);
+                                                                  Write(flag.Item2.flag.Name);
 
             
             #line default
@@ -252,7 +246,7 @@ WriteLiteral("</span>");
 
             
             #line 54 "..\..\Views\User\_UserTable.cshtml"
-                                                                                               if (flag.Item1.Comments != null)
+                                                                                                    if (flag.Item1.Comments != null)
                                                     {
             
             #line default
@@ -297,20 +291,15 @@ WriteLiteral("</span>\r\n                                                </span>
             
             #line 58 "..\..\Views\User\_UserTable.cshtml"
                                         }
-            
-            #line default
-            #line hidden
-WriteLiteral("\r\n                                    </div>\r\n");
+                                    }
 
             
-            #line 60 "..\..\Views\User\_UserTable.cshtml"
-                                }
-            
             #line default
             #line hidden
+WriteLiteral("                                </div>\r\n");
+
             
-            #line 60 "..\..\Views\User\_UserTable.cshtml"
-                                 
+            #line 61 "..\..\Views\User\_UserTable.cshtml"
                             }