diff --git a/profiles/unl_profile/unl_profile.install b/profiles/unl_profile/unl_profile.install
index 70224d08dfbe78655e6fe7b713ee6ccb06cb9d8b..9e89c7198aa1e740c77f11dfa946ba01d425574a 100644
--- a/profiles/unl_profile/unl_profile.install
+++ b/profiles/unl_profile/unl_profile.install
@@ -260,10 +260,29 @@ EOF;
// Only enable CAS on subsites until we get some sort of bootstrap setup.
module_enable(array('unl_cas'));
- // Copy permissions from the parent site to the new site.
- db_query("TRUNCATE {$new_prefix}role_permission")->execute();
- // I'm using REPLACE because I keep getting duplicate entry errors, despite inserting into what should be an empty table.
- db_query("REPLACE INTO {$new_prefix}role_permission (rid, permission, module) SELECT rid, permission, module FROM {$shared_prefix}role_permission")->execute();
+
+ // Copy the authenticated user role's permissions for text formats from the default site.
+ db_query("REPLACE INTO {$new_prefix}role_permission (rid, permission, module) SELECT rid, permission, module FROM {$shared_prefix}role_permission WHERE rid=:rid AND module='filter'", array(':rid' => DRUPAL_AUTHENTICATED_RID));
+
+ // Create the Site Admin role
+ $site_admin_role = new stdClass();
+ $site_admin_role->name = 'Site Admin';
+ $site_admin_role->weight = 2;
+ user_role_save($site_admin_role);
+
+ // Assign most permissions to the Site Admin role.
+ $all_permissions = module_invoke_all('permission');
+ unset($all_permissions['unl administer administrator permissions']);
+ unset($all_permissions['unl site creation']);
+ unset($all_permissions['administer modules']);
+ unset($all_permissions['administer themes']);
+ unset($all_permissions['administer software updates']);
+ unset($all_permissions['administer imce']);
+ unset($all_permissions['administer filters']);
+ foreach (array_keys(module_invoke('filter', 'permission')) as $permission) {
+ unset($all_permissions[$permission]);
+ }
+ user_role_grant_permissions($site_admin_role->rid, array_keys($all_permissions));
}