diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IAuthorizationDAOFactory.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IAuthorizationDAOFactory.java
new file mode 100644
index 0000000000000000000000000000000000000000..6f01ed9cc510007cc6fbadd122b8507724f9b276
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IAuthorizationDAOFactory.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.dataaccess;
+
+import ch.systemsx.cisd.lims.base.dto.DatabaseInstancePE;
+
+/**
+ * Factory definition for all Data Access Objects which are needed for managing authorization.
+ *
+ * @author Franz-Josef Elmer
+ */
+public interface IAuthorizationDAOFactory
+{
+
+    // TODO 2008-07-10, Franz-Josef Elmer: Remove method if no longer needed
+    public DatabaseInstancePE getHomeDatabaseInstance();
+
+    /** Returns the <code>IPersonDAO</code> implementation. */
+    public IPersonDAO getPersonDAO();
+
+    /**
+     * @return The implementation of the {@link IGroupDAO}.
+     */
+    public IGroupDAO getGroupDAO();
+
+    /**
+     * @return The implementation of the {@link IDatabaseInstanceDAO}.
+     */
+    public IDatabaseInstanceDAO getDatabaseInstancesDAO();
+
+    /**
+     * @return The implementation of the {@link IRoleAssignmentDAO}.
+     */
+    public IRoleAssignmentDAO getRoleAssignmentDAO();
+
+}
\ No newline at end of file
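Review bot: `getHomeDatabaseInstance()` is the only method in this interface without Javadoc, so its failure contract is unstated. `IDatabaseInstanceDAO.getHomeInstance()` in the same commit documents `EmptyResultDataAccessException` and `IncorrectResultSizeDataAccessException`, but a caller of the factory method cannot tell whether those propagate or whether `null` can come back. Authorization code presumably derives its scope from this value, so I would add a comment such as `/** Returns the home database instance; never <code>null</code>. */`, adjusted to what the implementation guarantees. As style points, the `public` modifiers on interface methods are redundant, and `getDatabaseInstancesDAO` is pluralised unlike the `IDatabaseInstanceDAO` it returns.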
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IDatabaseInstanceDAO.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IDatabaseInstanceDAO.java
new file mode 100644
index 0000000000000000000000000000000000000000..ceedbbf38301c156d12855e2cdcb64afd7e7cc39
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IDatabaseInstanceDAO.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.dataaccess;
+
+import java.util.List;
+
+import org.springframework.dao.DataAccessException;
+import org.springframework.dao.EmptyResultDataAccessException;
+import org.springframework.dao.IncorrectResultSizeDataAccessException;
+
+import ch.systemsx.cisd.lims.base.dto.DatabaseInstancePE;
+
+/**
+ * An interface that contains all data access operations on {@link DatabaseInstancePE}s.
+ * 
+ * @author Christian Ribeaud
+ */
+public interface IDatabaseInstanceDAO
+{
+
+    /**
+     * Returns the home database instance - the only database instance which has its
+     * <code>is_original_source</code> flag set to <code>true</code>.
+     * 
+     * @throws EmptyResultDataAccessException if no original source database instance has been
+     *             found.
+     * @throws IncorrectResultSizeDataAccessException if more than one original source database
+     *             instance has been found.
+     */
+    public DatabaseInstancePE getHomeInstance() throws DataAccessException;
+
+    /**
+     * Updates given <code>databaseInstanceDTO</code>.
+     * <p>
+     * Note that to do so, {@link DatabaseInstancePE#getId()} must not be <code>null</code>.
+     * </p>
+     */
+    public void updateDatabaseInstancePE(final DatabaseInstancePE databaseInstancePE)
+            throws DataAccessException;
+
+    /**
+     * Returns a list of all available {@link DatabaseInstancePE} on this installation.
+     */
+    public List<DatabaseInstancePE> listDatabaseInstances();
+
+    /**
+     * Tries to find the database instance of specified code.
+     * 
+     * @return <code>null</code> if not found.
+     */
+    public DatabaseInstancePE tryFindDatabaseInstanceByCode(final String databaseInstanceCode)
+            throws DataAccessException;
+
+    /**
+     * Tries to find the database instance of specified <i>UUID</i>.
+     * 
+     * @return <code>null</code> if not found.
+     */
+    public DatabaseInstancePE tryFindDatabaseInstanceByUUID(final String databaseInstanceUUID)
+            throws DataAccessException;
+
+    /**
+     * Returns the database instance found for given <var>id</var>.
+     */
+    public DatabaseInstancePE getDatabaseInstanceById(final long id) throws DataAccessException;
+}
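Review bot: The Javadoc for `getDatabaseInstanceById` does not say what happens when no row has the given id, while the two `tryFind…` methods above it explicitly return `null`. By the naming convention used in this file a `get…` method presumably throws, so state it, e.g. `@throws DataAccessException if no database instance with the given id exists.` Also in this file, the `updateDatabaseInstancePE` comment names `databaseInstanceDTO` although the parameter is `databaseInstancePE`. `listDatabaseInstances()` is the only method declared without `throws DataAccessException`.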
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IGroupDAO.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IGroupDAO.java
new file mode 100644
index 0000000000000000000000000000000000000000..e1135b34e78ec63ca1c51adaf59d11ab6c235283
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IGroupDAO.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2007 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.dataaccess;
+
+import java.util.List;
+
+import org.springframework.dao.DataAccessException;
+import org.springframework.dao.EmptyResultDataAccessException;
+
+import ch.systemsx.cisd.lims.base.dto.DatabaseInstancePE;
+import ch.systemsx.cisd.lims.base.dto.GroupPE;
+
+/**
+ * <i>Data Access Object</i> for {@link GroupPE}.
+ * 
+ * @author Christian Ribeaud
+ */
+public interface IGroupDAO
+{
+
+    /**
+     * Returns the group id for given group code.
+     * 
+     * @throws EmptyResultDataAccessException if the group with code <var>groupCode</var> does not
+     *             exist in the database.
+     */
+    public Long getGroupIdByCode(String groupCode) throws DataAccessException;
+
+    /**
+     * Returns the group for given group id.
+     * 
+     * @param groupId the group unique identifier.
+     * @throws EmptyResultDataAccessException if the group with code <var>groupId</var> does not
+     *             exist in the database.
+     */
+    public GroupPE getGroupById(long groupId) throws DataAccessException;
+
+    /**
+     * Returns a list of {@link GroupPE}s (independent of {@link DatabaseInstancePE} each group
+     * belongs to).
+     */
+    public List<GroupPE> listGroups() throws DataAccessException;
+
+    /** List all groups which are in the given database instance. */
+    public List<GroupPE> listGroups(long databaseInstanceId) throws DataAccessException;
+
+    /** Creates a new group in the database. */
+    public void createGroup(GroupPE groupDTO) throws DataAccessException;
+
+    /**
+     * Returns <code>GroupPE</code> identified by given <var>groupCode</var> and given
+     * <var>databaseInstanceId</var> or <code>null</code> if such a group does not exist.
+     */
+    public GroupPE tryFindGroupByCodeAndDatabaseInstanceId(String groupCode, long databaseInstanceId)
+            throws DataAccessException;
+}
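Review bot: `getGroupIdByCode(String groupCode)` resolves a group by code alone, but `tryFindGroupByCodeAndDatabaseInstanceId` and the instance-independent `listGroups()` suggest a code is unique only within one database instance. If that is so, the lookup can match several groups, and the Javadoc covers only the not-found case. For a DAO used in authorization, the ambiguous case should be excluded by also taking a database instance id, or documented, e.g. `@throws IncorrectResultSizeDataAccessException if more than one group has this code.` Separately, the `getGroupById` comment says "the group with code <var>groupId</var>" where it means the id.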
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IPersonDAO.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IPersonDAO.java
new file mode 100644
index 0000000000000000000000000000000000000000..877ecf7237b314a02dbdf8cc204c54af929744e1
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IPersonDAO.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2007 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.dataaccess;
+
+import java.util.List;
+
+import org.springframework.dao.DataAccessException;
+
+import ch.systemsx.cisd.lims.base.dto.PersonPE;
+
+/**
+ * <i>Data Access Object</i> for persons.
+ * 
+ * @author Franz-Josef Elmer
+ */
+public interface IPersonDAO
+{
+    /**
+     * Finds the technical id of the person with the specified user id.
+     * 
+     * @param userId user id. Can not be blank.
+     * @return <code>null</code>, if no person with that id exists.
+     */
+    public PersonPE tryFindPersonByUserId(String userId) throws DataAccessException;
+
+    /**
+     * Inserts given <code>Person</code> into the database.
+     * <p>
+     * As side effect the <i>unique identifier</i> returned by the database is set to given
+     * <code>Person</code> object using {@link PersonPE#setId(Long)}.
+     * </p>
+     * 
+     * @param person <code>Person</code> object to be inserted into the database. Can not be
+     *            <code>null</code>.
+     */
+    public void createPerson(PersonPE person) throws DataAccessException;
+
+    /**
+     * For the given <code>id</code> returns the corresponding <code>Person</code>, or throw
+     * {@link DataAccessException}, if a person with the given <var>id</var> does not exist.
+     */
+    public PersonPE getPerson(long id) throws DataAccessException;
+
+    /**
+     * @returns The list of all persons currently present in the database.
+     */
+    public List<PersonPE> listPersons() throws DataAccessException;
+
+    /**
+     * Updates given <var>PersonPE</var>.
+     */
+    public void updatePerson(final PersonPE person) throws DataAccessException;
+
+}
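Review bot: The summary of `tryFindPersonByUserId` says it finds "the technical id of the person", but the method returns a `PersonPE`; reword it to `Finds the person with the specified user id.` The `userId` parameter is documented as "Can not be blank" without saying what a blank value produces. That is worth spelling out, since this is presumably the lookup that maps a login name to a person record. On `listPersons()`, `@returns` is not a standard Javadoc tag and should be `@return`.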
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IRoleAssignmentDAO.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IRoleAssignmentDAO.java
new file mode 100644
index 0000000000000000000000000000000000000000..4b06ea005609b9852ff7c556974bab2a51b77649
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IRoleAssignmentDAO.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.dataaccess;
+
+import java.util.List;
+
+import org.springframework.dao.DataAccessException;
+
+import ch.systemsx.cisd.lims.base.dto.PersonPE;
+import ch.systemsx.cisd.lims.base.dto.RoleAssignmentPE;
+
+/**
+ * <i>Data Access Object</i> for {@link RoleAssignmentPE}.
+ * 
+ * @author Izabela Adamczyk
+ */
+public interface IRoleAssignmentDAO
+{
+    /**
+     * Lists all role assignments found in the database.
+     */
+    public List<RoleAssignmentPE> listRoleAssignments() throws DataAccessException;
+
+    /**
+     * Creates a new role assignment in the database.
+     * 
+     * @param roleAssignment {@link RoleAssignmentPE} which should be stored in database.
+     */
+    public void createRoleAssignment(final RoleAssignmentPE roleAssignment)
+            throws DataAccessException;
+
+    /**
+     * Deletes given <code>RoleAssignmentPE</code> from the database.
+     */
+    public void deleteRoleAssignment(final RoleAssignmentPE roleAssignment)
+            throws DataAccessException;
+
+    /**
+     * Lists all role assignments found in the database for given <var>personId</var>.
+     */
+    public List<RoleAssignmentPE> listRoleAssignmentsByPerson(final PersonPE person);
+}
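Review bot: The Javadoc on `listRoleAssignmentsByPerson` refers to `<var>personId</var>`, but the parameter is a `PersonPE`, and it is the only method here that omits `throws DataAccessException`. The comment should also state what is returned for a person without any role assignment (empty list or `null`) and whether `person` must already be persisted, because callers deciding access will branch on that result. Something like `Lists all role assignments of the given <var>person</var>; returns an empty list if there are none.` would do, adjusted to what the implementation does.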