diff --git a/src/python/dm/common/constants/dmRole.py b/src/python/dm/common/constants/dmRole.py
index 6904e8a0de497b756f164981018e7a98bb1103f6..a9a18889d9702fe8e65a0c7ae264059f89836358 100755
--- a/src/python/dm/common/constants/dmRole.py
+++ b/src/python/dm/common/constants/dmRole.py
@@ -2,7 +2,23 @@
 
 #######################################################################
 
-DM_ADMIN_ROLE = 'Administrator'
-DM_USER_ROLE = 'User'
+# Sessions can have either admin or user role
+DM_ADMIN_SESSION_ROLE = 'Admin'
+DM_USER_SESSION_ROLE = 'User'
+
+# System and experiment roles are used for fine grained authorization
+#    - "DM ADMIN" system role corresponds to "DM ADMIN" session role
+#    - all other system/experiment roles correspond to "DM USER" session role
+DM_ADMIN_SYSTEM_ROLE = 'Administrator'
+DM_ADMIN_SYSTEM_ROLE_ID = 1
+
+DM_MANAGER_SYSTEM_ROLE = 'Manager'
+DM_MANAGER_SYSTEM_ROLE_ID = 2
+
+DM_PI_EXPERIMENT_ROLE = 'PI'
+DM_PI_EXPERIMENT_ROLE_ID = 1
+
+DM_USER_EXPERIMENT_ROLE = 'User'
+DM_USER_EXPERIMENT_ROLE_ID = 2
 
 
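Review bot: The numeric ids added here (`DM_ADMIN_SYSTEM_ROLE_ID = 1`, `DM_MANAGER_SYSTEM_ROLE_ID = 2` and the two experiment role ids) are compared against role dict keys elsewhere in this commit to decide admin and manager access, but nothing in the file says where the values come from. They presumably mirror the ids of the role type records in the database, so a comment such as `# IDs must match the system/experiment role type ids in the DM database; changing one side alone changes who is treated as admin` would make that coupling explicit. `DM_USER_SESSION_ROLE` and `DM_USER_EXPERIMENT_ROLE` also share the string 'User', which deserves a one-line remark so the two are never compared against each other.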
diff --git a/src/python/dm/common/objects/allowedExperimentStationExperimentType.py b/src/python/dm/common/objects/allowedExperimentStationExperimentType.py
new file mode 100755
index 0000000000000000000000000000000000000000..c9be5803e90367d392aec7b64baddf2c6ee81bf1
--- /dev/null
+++ b/src/python/dm/common/objects/allowedExperimentStationExperimentType.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+from dmObject import DmObject
+
+class AllowedExperimentStationExperimentType(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'experimentStationId', 'experimentTypeId' ]
+
+    def __init__(self, dict):
+        DmObject.__init__(self, dict)
+
diff --git a/src/python/dm/common/objects/authorizationPrincipal.py b/src/python/dm/common/objects/authorizationPrincipal.py
index 566ac16017b2d36283c30f4694858d09cf409b14..e944ab1830145512743b5e2f63d812a882fe9165 100755
--- a/src/python/dm/common/objects/authorizationPrincipal.py
+++ b/src/python/dm/common/objects/authorizationPrincipal.py
@@ -22,14 +22,27 @@ class AuthorizationPrincipal(DmObject):
     def getToken(self):
         return self.get('token')
 
-    def setRole(self, role):
-        self['role'] = role
+    def setSessionRole(self, role):
+        self['sessionRole'] = role
 
-    def getRole(self):
-        return self.get('role')
+    def getSessionRole(self):
+        return self.get('sessionRole')
 
     def setUserInfo(self, userInfo):
         self['userInfo'] = userInfo
 
     def getUserInfo(self):
         return self.get('userInfo')
+
+    def setUserSystemRoleDict(self, userSystemRoleDict):
+        self['userSystemRoleDict'] = userSystemRoleDict
+
+    def getUserSystemRoleDict(self):
+        return self.get('userSystemRoleDict')
+
+    def setUserExperimentRoleDict(self, userExperimentRoleDict):
+        self['userExperimentRoleDict'] = userExperimentRoleDict
+
+    def getUserExperimentRoleDict(self):
+        return self.get('userExperimentRoleDict')
+
diff --git a/src/python/dm/common/objects/dataFolder.py b/src/python/dm/common/objects/dataFolder.py
new file mode 100755
index 0000000000000000000000000000000000000000..231a20c6d1a4870a04b1744c0ac3471a4bd1005e
--- /dev/null
+++ b/src/python/dm/common/objects/dataFolder.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+import time
+from dmObject import DmObject
+
+class DataFolder(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description', 'storageId', 'experimentId', 'dataPath' ]
+
+    def __init__(self, dict={}):
+        DmObject.__init__(self, dict)
+
+####################################################################
+# Testing
+if __name__ == '__main__':
+    pass
+
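Review bot: `def __init__(self, dict={})` uses a mutable default argument, and the same signature appears in the new endpoint.py, experimentStation.py and storage.py. If DmObject keeps a reference to the argument rather than copying it (not visible here), every instance built without arguments would share one dict. `def __init__(self, dict=None):` followed by `DmObject.__init__(self, dict or {})` avoids that. The parameter name also shadows the builtin `dict`, and `import time` is unused in all four files.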
diff --git a/src/python/dm/common/objects/endpoint.py b/src/python/dm/common/objects/endpoint.py
new file mode 100755
index 0000000000000000000000000000000000000000..2db45ef3187e888661ad0e1985cc45e45485860e
--- /dev/null
+++ b/src/python/dm/common/objects/endpoint.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+import time
+from dmObject import DmObject
+
+class Endpoint(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description', 'storageId', 'accessUrl' ]
+
+    def __init__(self, dict={}):
+        DmObject.__init__(self, dict)
+
+####################################################################
+# Testing
+if __name__ == '__main__':
+    pass
+
diff --git a/src/python/dm/common/objects/experiment.py b/src/python/dm/common/objects/experiment.py
index b83ecc9c79453699a87237da13e19d6e4e6f9591..23aa3c8145d1197f949e283fca8cfbe280a9c6ad 100755
--- a/src/python/dm/common/objects/experiment.py
+++ b/src/python/dm/common/objects/experiment.py
@@ -5,7 +5,7 @@ from dmObject import DmObject
 
 class Experiment(DmObject):
 
-    DEFAULT_KEY_LIST = [ 'id', 'name', 'dataDirectory', 'startDate', 'endDate', 'daqStartTime', 'daqEndTime' ]
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'experimentTypeId', 'experimentStationId', 'dataDirectory', 'startDate', 'endDate', 'daqStartTime', 'daqEndTime' ]
 
     def __init__(self, dict={}):
         DmObject.__init__(self, dict)
diff --git a/src/python/dm/common/objects/experimentRoleType.py b/src/python/dm/common/objects/experimentRoleType.py
new file mode 100755
index 0000000000000000000000000000000000000000..b7f15f531f02a930ed0c332d1d4c78aca07d0ee6
--- /dev/null
+++ b/src/python/dm/common/objects/experimentRoleType.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+from dmObject import DmObject
+
+class ExperimentRoleType(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description' ]
+
+    def __init__(self, dict):
+        DmObject.__init__(self, dict)
+
diff --git a/src/python/dm/common/objects/experimentStation.py b/src/python/dm/common/objects/experimentStation.py
new file mode 100755
index 0000000000000000000000000000000000000000..3244d794602a14f472f24b1113a59ec72acd7986
--- /dev/null
+++ b/src/python/dm/common/objects/experimentStation.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+import time
+from dmObject import DmObject
+
+class ExperimentStation(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description' ]
+
+    def __init__(self, dict={}):
+        DmObject.__init__(self, dict)
+
+####################################################################
+# Testing
+if __name__ == '__main__':
+    pass
+
diff --git a/src/python/dm/common/objects/experimentType.py b/src/python/dm/common/objects/experimentType.py
index 20369b1790094b193bc7b8c4f6c1a0793478239d..460dda7311191c5a7829ad3efc76d7c34996e5ec 100755
--- a/src/python/dm/common/objects/experimentType.py
+++ b/src/python/dm/common/objects/experimentType.py
@@ -5,7 +5,7 @@ from dmObject import DmObject
 
 class ExperimentType(DmObject):
 
-    DEFAULT_KEY_LIST = [ 'id', 'name', 'description`', 'rootDataPath' ]
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description' ]
 
     def __init__(self, dict={}):
         DmObject.__init__(self, dict)
diff --git a/src/python/dm/common/objects/storage.py b/src/python/dm/common/objects/storage.py
new file mode 100755
index 0000000000000000000000000000000000000000..017fe6cc028d50641f18966df089beea48877187
--- /dev/null
+++ b/src/python/dm/common/objects/storage.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+import time
+from dmObject import DmObject
+
+class Storage(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description', 'defaultScheme' ]
+
+    def __init__(self, dict={}):
+        DmObject.__init__(self, dict)
+
+####################################################################
+# Testing
+if __name__ == '__main__':
+    pass
+
diff --git a/src/python/dm/common/objects/systemRoleType.py b/src/python/dm/common/objects/systemRoleType.py
new file mode 100755
index 0000000000000000000000000000000000000000..05259edae12d56291f1d45e6c8bcceddb1b13cdc
--- /dev/null
+++ b/src/python/dm/common/objects/systemRoleType.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+from dmObject import DmObject
+
+class SystemRoleType(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description' ]
+
+    def __init__(self, dict):
+        DmObject.__init__(self, dict)
+
diff --git a/src/python/dm/common/objects/userExperimentRole.py b/src/python/dm/common/objects/userExperimentRole.py
index a73b773f4aaf67ae0502b2debbf9a13e69be4d2e..05c358e063b3c0727d93e5b4aac589ee1378ef5f 100755
--- a/src/python/dm/common/objects/userExperimentRole.py
+++ b/src/python/dm/common/objects/userExperimentRole.py
@@ -4,7 +4,7 @@ from dmObject import DmObject
 
 class UserExperimentRole(DmObject):
 
-    DEFAULT_KEY_LIST = [ 'user_id', 'experiment_id', 'role_type_id' ]
+    DEFAULT_KEY_LIST = [ 'userId', 'experimentId', 'roleTypeId' ]
 
     def __init__(self, dict):
         DmObject.__init__(self, dict)
diff --git a/src/python/dm/common/objects/userSystemRole.py b/src/python/dm/common/objects/userSystemRole.py
index 270fc74f35f3a0c6898ffa58ccb7bbb77f2060d4..b21e9812bbd620cf311e867cc60508c678355202 100755
--- a/src/python/dm/common/objects/userSystemRole.py
+++ b/src/python/dm/common/objects/userSystemRole.py
@@ -4,7 +4,7 @@ from dmObject import DmObject
 
 class UserSystemRole(DmObject):
 
-    DEFAULT_KEY_LIST = [ 'user_id', 'role_type_id' ]
+    DEFAULT_KEY_LIST = [ 'userId', 'experimentStationId', 'roleTypeId' ]
 
     def __init__(self, dict):
         DmObject.__init__(self, dict)
diff --git a/src/python/dm/common/service/auth/authorizationPrincipalManager.py b/src/python/dm/common/service/auth/authorizationPrincipalManager.py
index 6dc313f1d99dc839af14246bdf406f12d3988fe8..7e5083417d2593a7afc3d5f36d824aef6734c50c 100755
--- a/src/python/dm/common/service/auth/authorizationPrincipalManager.py
+++ b/src/python/dm/common/service/auth/authorizationPrincipalManager.py
@@ -16,7 +16,6 @@ class AuthorizationPrincipalManager(DmObjectManager, Singleton):
     DEFAULT_CACHE_OBJECT_LIFETIME = 3600 # seconds
 
     CONFIG_SECTION_NAME = 'AuthorizationPrincipalManager'
-    ADMIN_ROLE_NAME_KEY = 'adminrolename'
     PRINCIPAL_RETRIEVER_KEY = 'principalretriever'
     PRINCIPAL_AUTHENTICATOR_KEY = 'principalauthenticator'
 
@@ -45,15 +44,12 @@ class AuthorizationPrincipalManager(DmObjectManager, Singleton):
     def configure(self):
         configItems = self.configurationManager.getConfigItems(AuthorizationPrincipalManager.CONFIG_SECTION_NAME)
         self.logger.debug('Got config items: %s' % configItems)
-        adminRoleName = self.configurationManager.getConfigOption(AuthorizationPrincipalManager.CONFIG_SECTION_NAME, AuthorizationPrincipalManager.ADMIN_ROLE_NAME_KEY)
 
         # Create principal retriever
         principalRetriever = self.configurationManager.getConfigOption(AuthorizationPrincipalManager.CONFIG_SECTION_NAME, AuthorizationPrincipalManager.PRINCIPAL_RETRIEVER_KEY)
         (moduleName,className,constructor) = self.configurationManager.getModuleClassConstructorTuple(principalRetriever, AuthorizationPrincipalManager)    
         self.logger.debug('Creating principal retriever class: %s' % className)
         self.principalRetriever = ObjectUtility.createObjectInstance(moduleName, className, constructor)
-        if adminRoleName is not None:
-            self.principalRetriever.setAdminRoleName(adminRoleName)
         self.logger.debug('Authorization principal retriever: %s' % (self.principalRetriever))
 
         # Create principal authenticators
diff --git a/src/python/dm/common/service/auth/authorizationPrincipalRetriever.py b/src/python/dm/common/service/auth/authorizationPrincipalRetriever.py
index 139a02d812fc669ce40a6130bb137cddbdf8b083..479d1a1feaeae8c3f2be4d1d1defce55d7873db2 100755
--- a/src/python/dm/common/service/auth/authorizationPrincipalRetriever.py
+++ b/src/python/dm/common/service/auth/authorizationPrincipalRetriever.py
@@ -6,28 +6,24 @@ from dm.common.utility.loggingManager import LoggingManager
 class AuthorizationPrincipalRetriever:
 
     def __init__(self, name=None):
-        self.adminRoleName = dmRole.DM_ADMIN_ROLE
         self.name = name
         self.logger = LoggingManager.getInstance().getLogger(self.__class__.__name__)
 
     def getName(self):
         return self.name
 
-    def setAdminRoleName(self, adminRoleName):
-        self.adminRoleName = adminRoleName
-
     def getAuthorizationPrincipal(self, username):
         return None
 
-    def checkAutorizationPrincipalRole(self, principal):
-        if principal is None or self.adminRoleName is None:
-            return
-        userInfo = principal.getUserInfo()
-        if userInfo is None:
+    def setAuthorizationPrincipalSessionRole(self, principal):
+        if principal is None:
             return
-        for userSystemRoleName in userInfo.get('userSystemRoleNameList', []):
-            if userSystemRoleName == self.adminRoleName:
-                principal.setRole(dmRole.DM_ADMIN_ROLE)
+        for userSystemRoleId in principal.get('userSystemRoleDict', {}).keys():
+            if userSystemRoleId == dmRole.DM_ADMIN_SYSTEM_ROLE_ID:
+                principal.setSessionRole(dmRole.DM_ADMIN_SESSION_ROLE)
+                return
+        principal.setSessionRole(dmRole.DM_USER_SESSION_ROLE)
+
 
 #######################################################################
 # Testing.
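Review bot: In setAuthorizationPrincipalSessionRole, `principal.get('userSystemRoleDict', {}).keys()` falls back to `{}` only when the key is absent, so a principal whose dict was stored as None (setUserSystemRoleDict accepts any value) raises AttributeError here instead of receiving the user session role. Writing `roleDict = principal.getUserSystemRoleDict() or {}` and `if dmRole.DM_ADMIN_SYSTEM_ROLE_ID in roleDict:` keeps the default-to-user behaviour and removes the loop. The match is on the integer id only, while DmSessionController in this commit notes that remote sessions may carry string keys, so a short docstring saying this method is meant for locally built principals (if that is the intent) would help. The method also has no docstring stating that it always assigns a role, defaulting to the user role.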
diff --git a/src/python/dm/common/service/auth/dbPrincipalRetriever.py b/src/python/dm/common/service/auth/dbPrincipalRetriever.py
index 4450f6e1db8ec585092e0b7961363623cc94e620..8db10d3603e16d5b9ccb211adf027236bb48a42a 100755
--- a/src/python/dm/common/service/auth/dbPrincipalRetriever.py
+++ b/src/python/dm/common/service/auth/dbPrincipalRetriever.py
@@ -16,9 +16,9 @@ class DbPrincipalRetriever(AuthorizationPrincipalRetriever):
         try:
             user = self.dbApi.getUserWithPasswordByUsername(username)
             principal = AuthorizationPrincipal(name=username, token=user.get('password'))
-            principal.setRole(dmRole.DM_USER_ROLE)
-            principal.setUserInfo(user)
-            self.checkAutorizationPrincipalRole(principal)
+            principal.setUserSystemRoleDict(user.get('userSystemRoleDict', {}))
+            principal.setUserExperimentRoleDict(user.get('userExperimentRoleDict', {}))
+            self.setAuthorizationPrincipalSessionRole(principal)
         except Exception, ex:
             self.logger.debug(ex)
         return principal
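Review bot: The three new calls sit inside the existing `except Exception, ex: self.logger.debug(ex)` block, so if setting the role dicts or the session role fails after `principal` has been assigned, the error is logged at debug level only and a principal with a token but no session role is returned. For an authorization object that looks worth failing closed: log with `self.logger.error(...)` and set `principal = None` in the handler, so a half-built principal never reaches the authenticator. The method starts outside the hunk, so how `principal` is initialised before the `try` is not visible here.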
diff --git a/src/python/dm/common/service/auth/noOpPrincipalRetriever.py b/src/python/dm/common/service/auth/noOpPrincipalRetriever.py
index d285e6ee4ab2b7fa7bbcb7b1e5619afa7ef0cb39..d5066644ff0acc710f5b52fa161533ffe95614d2 100755
--- a/src/python/dm/common/service/auth/noOpPrincipalRetriever.py
+++ b/src/python/dm/common/service/auth/noOpPrincipalRetriever.py
@@ -14,9 +14,7 @@ class NoOpPrincipalRetriever(AuthorizationPrincipalRetriever):
         # Set password to be the same as username
         noOpPassword = CryptUtility.cryptPasswordWithPbkdf2(username)
         principal = AuthorizationPrincipal(name=username, token=noOpPassword)
-        principal.setRole(dmRole.DM_USER_ROLE)
-        if self.adminRoleName is not None:
-            principal.setRole(dmRole.DM_ADMIN_ROLE)
+        self.setAuthorizationPrincipalSessionRole(principal)
         return principal
 
 #######################################################################
diff --git a/src/python/dm/common/service/dmRestWebServiceBase.py b/src/python/dm/common/service/dmRestWebServiceBase.py
index 4014d2c9656a75e2162340ef5777ff3bfff87234..cec09990a9e1bcdb9738342f98d3dcc5f4bcce2d 100755
--- a/src/python/dm/common/service/dmRestWebServiceBase.py
+++ b/src/python/dm/common/service/dmRestWebServiceBase.py
@@ -25,7 +25,7 @@ class DmRestWebServiceBase:
     DEFAULT_SERVER_SOCKET_TIMEOUT = 30
     CONFIG_SECTION_NAME = 'WebService'
     CONFIG_OPTION_NAME_LIST = [ 'serviceHost', 'servicePort', 
-        'sslCertFile', 'sslKeyFile', 'sslCaCertFile' ]
+        'sslCertFile', 'sslKeyFile', 'sslCaCertFile', 'stationName' ]
 
     class SignalHandler:
         def __init__(self, signal, oldSignalHandler):
diff --git a/src/python/dm/common/service/dmSessionController.py b/src/python/dm/common/service/dmSessionController.py
index 1216a50447533b95215edbe4e71c727b6205f93e..d14d4ab8c93f2541f3483d8bb15e96159910541f 100755
--- a/src/python/dm/common/service/dmSessionController.py
+++ b/src/python/dm/common/service/dmSessionController.py
@@ -6,6 +6,7 @@
 
 import cherrypy
 from dm.common.constants import dmRole
+from dm.common.utility.configurationManager import ConfigurationManager
 from dm.common.service.dmController import DmController
 from dm.common.service.loginController import LoginController
 
@@ -72,7 +73,43 @@ class DmSessionController(DmController):
     @classmethod
     def isAdministrator(cls):
         def userIsAdministrator():
-            result = (cherrypy.session.get(LoginController.SESSION_ROLE_KEY, None) == dmRole.DM_ADMIN_ROLE)
+            result = (cherrypy.session.get(LoginController.SESSION_ROLE_KEY, None) == dmRole.DM_ADMIN_SESSION_ROLE)
             return result
         return userIsAdministrator
 
+    @classmethod
+    def hasAdministratorRole(cls):
+        sessionRole = cherrypy.session.get(LoginController.SESSION_ROLE_KEY, None)
+        return (sessionRole == dmRole.DM_ADMIN_SESSION_ROLE)
+        
+    @classmethod
+    def hasManagerRole(cls, experimentStationIdOrName):
+        systemRoleDict = cherrypy.session.get(LoginController.SESSION_SYSTEM_ROLE_DICT_KEY, None)
+        experimentStationIdOrNameList = systemRoleDict.get(dmRole.DM_MANAGER_SYSTEM_ROLE_ID, [])
+        if not experimentStationIdOrNameList:
+            # Remote sessions may come with string key
+            experimentStationIdOrNameList = systemRoleDict.get(str(dmRole.DM_MANAGER_SYSTEM_ROLE_ID), [])
+        return (experimentStationIdOrNameList.count(experimentStationIdOrName) > 0)
+        
+    @classmethod
+    def hasPiRole(cls, experimentIdOrName):
+        experimentRoleDict = cherrypy.session.get(LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY, None)
+        experimentIdOrNameList = experimentRoleDict.get(dmRole.DM_PI_EXPERIMENT_ROLE_ID, [])
+        return (experimentIdOrNameList.count(experimentIdOrName) > 0)
+        
+    @classmethod
+    def hasUserRole(cls, experimentIdOrName):
+        experimentRoleDict = cherrypy.session.get(LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY, None)
+        experimentIdOrNameList = experimentRoleDict.get(dmRole.DM_USER_EXPERIMENT_ROLE_ID, [])
+        return (experimentIdOrNameList.count(experimentIdOrName) > 0)
+        
+    @classmethod
+    def canManageStation(cls):
+        def userCanManageStation():
+            if cls.hasAdministratorRole():
+                return True
+            stationName = ConfigurationManager.getInstance().getStationName()
+            return cls.hasManagerRole(stationName)
+        return userCanManageStation
+        
+
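Review bot: hasManagerRole, hasPiRole and hasUserRole read the role dict with `cherrypy.session.get(..., None)` and then call `.get` on the result, so a session that carries no role dict raises AttributeError instead of answering False. Only hasManagerRole retries with the string form of the role id, although its comment says remote sessions may come with string keys; hasPiRole and hasUserRole would presumably miss the same sessions. A shared lookup helper, sketched below, covers both cases for all three checks. In canManageStation, `getStationName()` may return None when no station is configured (DEFAULT_DM_STATION_NAME is None in this commit; the lookup it uses is not visible), and an explicit `if not stationName: return False` would make that case deny.

```python
    @classmethod
    def getSessionRoleTargetList(cls, sessionKey, roleId):
        # A session without role data has no roles; an authorization check should not raise
        roleDict = cherrypy.session.get(sessionKey) or {}
        # Remote sessions may come with string key
        return roleDict.get(roleId) or roleDict.get(str(roleId)) or []

    @classmethod
    def hasManagerRole(cls, experimentStationIdOrName):
        stationList = cls.getSessionRoleTargetList(LoginController.SESSION_SYSTEM_ROLE_DICT_KEY, dmRole.DM_MANAGER_SYSTEM_ROLE_ID)
        return experimentStationIdOrName in stationList

    @classmethod
    def hasPiRole(cls, experimentIdOrName):
        experimentList = cls.getSessionRoleTargetList(LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY, dmRole.DM_PI_EXPERIMENT_ROLE_ID)
        return experimentIdOrName in experimentList

    @classmethod
    def hasUserRole(cls, experimentIdOrName):
        experimentList = cls.getSessionRoleTargetList(LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY, dmRole.DM_USER_EXPERIMENT_ROLE_ID)
        return experimentIdOrName in experimentList

    # … unchanged: isAdministrator, hasAdministratorRole, canManageStation …
```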
diff --git a/src/python/dm/common/service/loginController.py b/src/python/dm/common/service/loginController.py
index 8226be02ac390397c798fd174b5d225132f63d34..1b6759d0fa09e39d1e0e399eae4db423501f1b8a 100755
--- a/src/python/dm/common/service/loginController.py
+++ b/src/python/dm/common/service/loginController.py
@@ -21,8 +21,9 @@ class LoginController(DmController):
     """ Controller to provide login and logout actions. """
 
     SESSION_USERNAME_KEY = '_cp_username'
-    SESSION_USER_KEY = 'user'
-    SESSION_ROLE_KEY = 'role'
+    SESSION_ROLE_KEY = 'sessionRole'
+    SESSION_SYSTEM_ROLE_DICT_KEY = 'systemRoleDict'
+    SESSION_EXPERIMENT_ROLE_DICT_KEY = 'experimentRoleDict'
     ORIGINAL_SESSION_ID_KEY = 'originalid'
     INVALID_SESSION_KEY = 'invalidSession'
 
@@ -96,16 +97,19 @@ class LoginController(DmController):
         #logger.debug('Checking credential for User: %s, Password: %s' % (username, password))
         logger.debug('Session id: %s' % cherrypy.serving.session.id)
         principal = AuthorizationPrincipalManager.getInstance().getAuthenticatedAuthorizationPrincipal(username, password)
-        #logger.debug('Principal: %s' % (principal))
+        logger.debug('Principal: %s' % (principal))
         if principal:
-            cherrypy.session[LoginController.SESSION_ROLE_KEY] = principal.getRole()
-            logger.debug('Successful login from user: %s (role: %s)' % (username, principal.getRole()))
+            cherrypy.session[LoginController.SESSION_ROLE_KEY] = principal.getSessionRole()
+            cherrypy.session[LoginController.SESSION_SYSTEM_ROLE_DICT_KEY] = principal['userSystemRoleDict']
+            cherrypy.session[LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY] = principal['userExperimentRoleDict']
+            logger.debug('Successful login from user: %s (role: %s)' % (username, principal.getSessionRole()))
             # Try adding to SingleSignOnManager
             sessionId = cherrypy.serving.session.id
             sessionCache = cherrypy.session.cache
-            sessionInfo = {LoginController.SESSION_ROLE_KEY : principal.getRole()}
-            sessionInfo[LoginController.SESSION_USER_KEY] = principal.getUserInfo()
+            sessionInfo = {LoginController.SESSION_ROLE_KEY : principal.getSessionRole()}
             sessionInfo[LoginController.SESSION_USERNAME_KEY] = username
+            sessionInfo[LoginController.SESSION_SYSTEM_ROLE_DICT_KEY] = principal.get('userSystemRoleDict', {})
+            sessionInfo[LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY] = principal.get('userExperimentRoleDict', {})
             ssoManager = SingleSignOnManager.getInstance()
             ssoManager.addSession(sessionId, sessionInfo)
         else:
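Review bot: Re-enabling `logger.debug('Principal: %s' % (principal))` may write credential material to the debug log, because DbPrincipalRetriever in this commit builds the principal with `token=user.get('password')`; whether the token is printed depends on how DmObject renders itself, which is not visible here. Logging only the name and role inside the `if principal:` branch, as the existing 'Successful login' line already does, avoids that. Separately, the two new session assignments index `principal['userSystemRoleDict']` and `principal['userExperimentRoleDict']` directly, while the `sessionInfo` lines below use `.get(..., {})`; NoOpPrincipalRetriever never sets those keys, so the subscript form would likely raise for its principals. The later hunk in the session check has the same pattern with `sessionInfo[...]`, where sessions stored before this change would lack the keys. The enclosing method starts and ends outside the hunk.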
@@ -115,7 +119,6 @@ class LoginController(DmController):
                 cherrypy.request.login = None
                 cherrypy.session[LoginController.INVALID_DM_SESSION_KEY] = True
             raise AuthorizationError('Incorrect username or password.')
-        cherrypy.session[LoginController.SESSION_USER_KEY] = principal.getUserInfo()
         return principal
 
     @classmethod
@@ -176,6 +179,8 @@ class LoginController(DmController):
             raise DmHttpError(dmHttpStatus.DM_HTTP_UNAUTHORIZED, 'User Not Authorized', InvalidSession(errorMsg))
 
         cherrypy.session[LoginController.SESSION_ROLE_KEY] = sessionInfo[LoginController.SESSION_ROLE_KEY]
+        cherrypy.session[LoginController.SESSION_SYSTEM_ROLE_DICT_KEY] = sessionInfo[LoginController.SESSION_SYSTEM_ROLE_DICT_KEY] 
+        cherrypy.session[LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY] = sessionInfo[LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY] 
         logger.debug('Session id %s is valid (username: %s)' % (sessionId, username))
         cherrypy.request.login = username
         for condition in conditions:
@@ -205,7 +210,7 @@ class LoginController(DmController):
         # Authorization worked.
         cherrypy.session[LoginController.SESSION_USERNAME_KEY] = cherrypy.request.login = username
         self.onLogin(username)
-        self.addDmSessionRoleHeaders(principal.getRole())
+        self.addDmSessionRoleHeaders(principal.getSessionRole())
         self.addDmResponseHeaders()
 
     @cherrypy.expose
diff --git a/src/python/dm/common/utility/configurationManager.py b/src/python/dm/common/utility/configurationManager.py
index 07456577f8cb90e22efbcbe6747af2c5411610a0..45c3d2dc4b9f82b0b0be605e570c94e10253fc83 100755
--- a/src/python/dm/common/utility/configurationManager.py
+++ b/src/python/dm/common/utility/configurationManager.py
@@ -73,6 +73,12 @@ DEFAULT_DM_SSL_KEY_FILE = None
 # Login (user|password) file
 DEFAULT_DM_LOGIN_FILE = None
 
+# Station name
+DEFAULT_DM_STATION_NAME = None
+
+# Allowed experiment types
+DEFAULT_DM_ALLOWED_EXPERIMENT_TYPES = None
+
 class ConfigurationManager(UserDict.UserDict):
     """ 
     Singleton class used for keeping system configuration data. The class
@@ -155,6 +161,10 @@ class ConfigurationManager(UserDict.UserDict):
 
         self['defaultLoginFile'] = DEFAULT_DM_LOGIN_FILE
 
+        self['defaultStationName'] = DEFAULT_DM_STATION_NAME
+
+        self['defaultAllowedExperimentTypes'] = DEFAULT_DM_ALLOWED_EXPERIMENT_TYPES
+
         # Settings that might come from environment variables.
         self.__setFromEnvVar('logFile', 'DM_LOG_FILE')
         self.__setFromEnvVar('consoleLogLevel', 'DM_CONSOLE_LOG_LEVEL')
@@ -190,6 +200,9 @@ class ConfigurationManager(UserDict.UserDict):
         self.__setFromEnvVar('dbPasswordFile', 'DM_DB_PASSWORD_FILE')
         self.__setFromEnvVar('loginFile', 'DM_LOGIN_FILE')
 
+        self.__setFromEnvVar('stationName', 'DM_STATION_NAME')
+        self.__setFromEnvVar('allowedExperimentTypes', 'DM_ALLOWED_EXPERIMENT_TYPES')
+
         # Settings that might come from file.
         self.__setFromVarFile('dbPassword', self.getDbPasswordFile())
 
@@ -810,6 +823,30 @@ class ConfigurationManager(UserDict.UserDict):
     def hasLoginFile(self):
         return self.has_key('loginFile')
 
+    def getDefaultStationName(self):
+        return self['defaultStationName']
+
+    def getStationName(self, default='__dm_default__'):
+        return self.__getKeyValue('stationName', default) 
+
+    def setStationName(self, f):
+        self['stationName'] = f
+
+    def hasStationName(self):
+        return self.has_key('stationName')
+
+    def getDefaultAllowedExperimentTypes(self):
+        return self['defaultAllowedExperimentTypes']
+
+    def getAllowedExperimentTypes(self, default='__dm_default__'):
+        return self.__getKeyValue('allowedExperimentTypes', default) 
+
+    def setAllowedExperimentTypes(self, f):
+        self['allowedExperimentTypes'] = f
+
+    def hasAllowedExperimentTypes(self):
+        return self.has_key('allowedExperimentTypes')
+
 #######################################################################
 # Testing.