diff -r eac7f5b20f9f -r 2d43c8b30ef0 cubicweb/server/test/data/cubicweb_localperms/schema.py
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cubicweb/server/test/data/cubicweb_localperms/schema.py	Tue Mar 19 14:26:51 2019 +0100
@@ -0,0 +1,42 @@
+from yams.buildobjs import EntityType, RelationType, RelationDefinition, String
+from cubicweb.schema import PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS
+
+
+class CWPermission(EntityType):
+    """entity type that may be used to construct some advanced security
+    configuration
+    """
+    __permissions__ = PUB_SYSTEM_ENTITY_PERMS
+
+    name = String(required=True, indexed=True, internationalizable=True,
+                  maxsize=100, description=(
+                      'name or identifier of the permission'))
+    label = String(required=True, internationalizable=True, maxsize=100,
+                   description=('distinct label to distinguate between other '
+                                'permission entity of the same name'))
+
+
+class granted_permission(RelationType):
+    """explicitly granted permission on an entity"""
+    __permissions__ = PUB_SYSTEM_REL_PERMS
+    # XXX cardinality = '*1'
+
+
+class require_permission(RelationType):
+    __permissions__ = PUB_SYSTEM_REL_PERMS
+
+
+class require_group(RelationDefinition):
+    """groups to which the permission is granted"""
+    __permissions__ = PUB_SYSTEM_REL_PERMS
+    subject = 'CWPermission'
+    object = 'CWGroup'
+
+
+class has_group_permission(RelationDefinition):
+    """short cut relation for 'U in_group G, P require_group G' for efficiency
+    reason. This relation is set automatically, you should not set this.
+    """
+    __permissions__ = PUB_SYSTEM_REL_PERMS
+    subject = 'CWUser'
+    object = 'CWPermission'