diff --git a/master.rest b/master.rest
index 7ec0e6e..d38e5c4 100644
--- a/master.rest
+++ b/master.rest
@@ -359,7 +359,7 @@ metadata:
 organization: :org
 spec:
 isGlobal: true
- scope: cluster
+ scope: system
 # Create role
 POST :host/auth/v3/partner/:partner/organization/:org/roles
@@ -414,4 +414,44 @@ Content-Type: application/yaml
 ## Audit
 # Audit by project
-GET :host/event/v1/auditlog?filter.timefrom=now-1h
\ No newline at end of file
+GET :host/event/v1/auditlog?filter.timefrom=now-1h
+
+## Partner
+
+# Create partner
+POST :host/auth/v3/partner
+Content-Type: application/yaml
+
+metadata:
+ name: :partner
+ description: "A very important partner"
+spec:
+ host: "https://important.org"
+
+# List organizations
+GET :host/auth/v3/partner/:partner/organizations
+
+# Create organization
+POST :host/auth/v3/partner/:partner/organization
+Content-Type: application/yaml
+
+metadata:
+ partner: :partner
+ name: :org
+ description: "Very first organization"
+spec:
+ active: true
+
+# Create project
+POST :host/auth/v3/partner/:partner/organization/:org/project
+Content-Type: application/yaml
+
+metadata:
+ name: :project
+ description: "Very first project"
+spec:
+ active: true
+
+# Delete project
+DELETE :host/auth/v3/partner/:partner/organization/:org/project/:project
+
diff --git a/pkg/service/group.go b/pkg/service/group.go
index 4966fd7..47c25e2 100644
--- a/pkg/service/group.go
+++ b/pkg/service/group.go
@@ -482,17 +482,17 @@ func (s *groupService) Delete(ctx context.Context, group *userv3.Group) (*userv3
 return &userv3.Group{}, err
 }
- group, err = s.deleteGroupRoleRelaitons(ctx, s.db, grp.ID, group)
+ group, err = s.deleteGroupRoleRelaitons(ctx, tx, grp.ID, group)
 if err != nil {
 tx.Rollback()
 return &userv3.Group{}, err
 }
- group, err = s.deleteGroupAccountRelations(ctx, s.db, grp.ID, group)
+ group, err = s.deleteGroupAccountRelations(ctx, tx, grp.ID, group)
 if err != nil {
 tx.Rollback()
 return &userv3.Group{}, err
 }
- err = dao.Delete(ctx, s.db, grp.ID, grp)
+ err = dao.Delete(ctx, tx, grp.ID, grp)
 if err != nil {
 tx.Rollback()
 return &userv3.Group{}, err
diff --git a/pkg/service/role.go b/pkg/service/role.go
index 332d246..751b3c2 100644
--- a/pkg/service/role.go
+++ b/pkg/service/role.go
@@ -52,11 +52,11 @@ func NewRoleService(db *bun.DB, azc AuthzService) RoleService {
 func (s *roleService) getPartnerOrganization(ctx context.Context, db bun.IDB, role *rolev3.Role) (uuid.UUID, uuid.UUID, error) {
 partner := role.GetMetadata().GetPartner()
 org := role.GetMetadata().GetOrganization()
- partnerId, err := dao.GetPartnerId(ctx, s.db, partner)
+ partnerId, err := dao.GetPartnerId(ctx, db, partner)
 if err != nil {
 return uuid.Nil, uuid.Nil, err
 }
- organizationId, err := dao.GetOrganizationId(ctx, s.db, org)
+ organizationId, err := dao.GetOrganizationId(ctx, db, org)
 if err != nil {
 return partnerId, uuid.Nil, err
 }
@@ -65,7 +65,7 @@ func (s *roleService) getPartnerOrganization(ctx context.Context, db bun.IDB, ro
 }
 func (s *roleService) deleteRolePermissionMapping(ctx context.Context, db bun.IDB, rleId uuid.UUID, role *rolev3.Role) (*rolev3.Role, error) {
- err := dao.DeleteX(ctx, s.db, "resource_role_id", rleId, &models.ResourceRolePermission{})
+ err := dao.DeleteX(ctx, db, "resource_role_id", rleId, &models.ResourceRolePermission{})
 if err != nil {
 return &rolev3.Role{}, err
 }
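Review bot: Each of the three error paths calls `tx.Rollback()` and throws its result away, so a rollback that itself fails (for example a connection lost mid-transaction) is neither returned nor logged; now that the deletes genuinely run inside `tx`, that silent failure can leave the caller believing state was restored. Either check it on each path, `if rbErr := tx.Rollback(); rbErr != nil { err = fmt.Errorf("%w; rollback: %v", err, rbErr) }`, or collapse the repetition into one deferred rollback keyed on the function's error result. The same pattern appears in role.go `Delete` (@@ -313) and user.go `Delete` (@@ -454, @@ -466). The helper name `deleteGroupRoleRelaitons` carries a typo and is worth renaming to `deleteGroupRoleRelations` while every call site is already being touched. `Delete` begins before the hunk and continues past it.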
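Review bot: The second error path, `return partnerId, uuid.Nil, err`, hands back a real partner ID alongside the error while the first path returns `uuid.Nil, uuid.Nil, err`; a caller that checks only the organization ID, or mishandles the error, could act on a half-resolved pair. Make both failure returns `return uuid.Nil, uuid.Nil, err` so a non-nil error always means neither ID is usable. Routing the lookups through the `db` parameter rather than `s.db` is the right fix, since a caller inside a transaction previously resolved these IDs outside it. `getPartnerOrganization` continues past the hunk.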
@@ -87,7 +87,7 @@ func (s *roleService) createRolePermissionMapping(ctx context.Context, db bun.ID
 var items []models.ResourceRolePermission
 for _, p := range perms {
- entity, err := dao.GetIdByName(ctx, s.db, p, &models.ResourcePermission{})
+ entity, err := dao.GetIdByName(ctx, db, p, &models.ResourcePermission{})
 if err != nil {
 return role, fmt.Errorf("unable to find role permission '%v'", p)
 }
@@ -101,7 +101,7 @@ func (s *roleService) createRolePermissionMapping(ctx context.Context, db bun.ID
 }
 }
 if len(items) > 0 {
- _, err := dao.Create(ctx, s.db, &items)
+ _, err := dao.Create(ctx, db, &items)
 if err != nil {
 return role, err
 }
@@ -313,7 +313,7 @@ func (s *roleService) Delete(ctx context.Context, role *rolev3.Role) (*rolev3.Ro
 return &rolev3.Role{}, err
 }
- err = dao.Delete(ctx, s.db, rle.ID, rle)
+ err = dao.Delete(ctx, tx, rle.ID, rle)
 if err != nil {
 tx.Rollback()
 return &rolev3.Role{}, err
@@ -345,7 +345,7 @@ func (s *roleService) toV3Role(ctx context.Context, db bun.IDB, role *rolev3.Rol
 Labels: labels,
 ModifiedAt: timestamppb.New(rle.ModifiedAt),
 }
- entities, err := dao.GetRolePermissions(ctx, s.db, rle.ID)
+ entities, err := dao.GetRolePermissions(ctx, db, rle.ID)
 if err != nil {
 return role, err
 }
diff --git a/pkg/service/user.go b/pkg/service/user.go
index 0e9f944..964d352 100644
--- a/pkg/service/user.go
+++ b/pkg/service/user.go
@@ -454,7 +454,7 @@ func (s *userService) Delete(ctx context.Context, user *userv3.User) (*userrpcv3
 return &userrpcv3.DeleteUserResponse{}, err
 }
- err = s.deleteUserRoleRelations(ctx, s.db, usr.ID, user)
+ err = s.deleteUserRoleRelations(ctx, tx, usr.ID, user)
 if err != nil {
 tx.Rollback()
 return &userrpcv3.DeleteUserResponse{}, err
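Review bot: The error from the changed `dao.GetIdByName` call is discarded on the very next line, where `fmt.Errorf("unable to find role permission '%v'", p)` replaces it with a fixed message; a failed query on `db` — which may now be a transaction that has already been aborted — is reported to the caller as an unknown permission name. Wrap the cause instead: `return role, fmt.Errorf("unable to find role permission %q: %w", p, err)`. `%q` also keeps an empty or whitespace-only permission name visible in the message rather than hiding it between quotes. `createRolePermissionMapping` starts before the hunk and continues past it.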
@@ -466,7 +466,7 @@ func (s *userService) Delete(ctx context.Context, user *userv3.User) (*userrpcv3
 return &userrpcv3.DeleteUserResponse{}, err
 }
- err = dao.DeleteX(ctx, s.db, "account_id", usr.ID, &models.GroupAccount{})
+ err = dao.DeleteX(ctx, tx, "account_id", usr.ID, &models.GroupAccount{})
 if err != nil {
 tx.Rollback()
 return &userrpcv3.DeleteUserResponse{}, fmt.Errorf("unable to delete user; %v", err)
diff --git a/scripts/initialize/main.go b/scripts/initialize/main.go
index ec2e132..3fa2612 100644
--- a/scripts/initialize/main.go
+++ b/scripts/initialize/main.go
@@ -11,9 +11,9 @@ import (
 "os"
 "path"
+ "github.com/RafayLabs/rcloud-base/internal/dao"
 "github.com/RafayLabs/rcloud-base/internal/models"
- providers "github.com/RafayLabs/rcloud-base/internal/persistence/provider/kratos"
- "github.com/RafayLabs/rcloud-base/internal/persistence/provider/pg"
+ providers "github.com/RafayLabs/rcloud-base/internal/provider/kratos"
 "github.com/RafayLabs/rcloud-base/pkg/common"
 "github.com/RafayLabs/rcloud-base/pkg/enforcer"
 "github.com/RafayLabs/rcloud-base/pkg/service"
@@ -77,7 +77,7 @@ func addResourcePermissions(db *bun.DB, basePath string) error {
 }
 fmt.Println("Adding", len(items), "resource permissions")
- _, err = pg.Create(context.Background(), db, &items)
+ _, err = dao.Create(context.Background(), db, &items)
 return err
 }
@@ -151,14 +151,14 @@ func main() {
 if err != nil {
 log.Fatal("unable to init enforcer", "error", err)
 }
- as := service.NewAuthzService(gormDb, enforcer)
+ as := service.NewAuthzService(db, enforcer)
 ps := service.NewPartnerService(db)
 os := service.NewOrganizationService(db)
 rs := service.NewRoleService(db, as)
 us := service.NewUserService(providers.NewKratosAuthProvider(kc), db, as, nil, common.CliConfigDownloadData{})
- err = pg.HardDeleteAll(context.Background(), db, &models.ResourcePermission{})
+ err = dao.HardDeleteAll(context.Background(), db, &models.ResourcePermission{})
 if err != nil {
 log.Fatal(err)
 }
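Review bot: The error return on the last line of the hunk wraps with `%v`, `fmt.Errorf("unable to delete user; %v", err)`, which flattens the underlying DB error so `errors.Is`/`errors.As` cannot reach it at the caller, while the sibling path at @@ -454 returns `err` bare; the two error paths of the same `Delete` should use one style. Use `fmt.Errorf("unable to delete user: %w", err)` here, and the `tx.Rollback()` result is dropped just as in group.go `Delete`. `Delete` begins before the hunk and continues past it.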
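Review bot: `log.Fatal("unable to init enforcer", "error", err)` on the second line of the @@ -151 hunk is a Print-style call, so the key/value arguments are run together into one message; the commit fixes the identical mistake at @@ -193 with `log.Fatalf` but leaves this one. Change it to `log.Fatalf("unable to init enforcer: %v", err)`. With `gormDb` no longer passed to `NewAuthzService`, its declaration (outside this hunk) becomes an unused variable and will not compile unless it is still referenced elsewhere in `main` — worth confirming. `dao.HardDeleteAll` on `ResourcePermission` reads as a wipe of the whole permission table before re-seeding (inferred from the name); an initializer with that effect is safer behind an explicit opt-in flag or environment check so it cannot be pointed at a populated database by accident. `main` starts before the hunk and continues past it.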
@@ -193,7 +193,7 @@ func main() {
 Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: scope, Rolepermissions: perms},
 })
 if err != nil {
- log.Fatal("unable to create rolepermission", scope, name, err)
+ log.Fatalf("unable to create rolepermission %s %s: %s", scope, name, err)
 }
 }
 }
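Review bot: The new `log.Fatalf` formats the error with `%s` and the two names with bare `%s`; `%v` is the conventional verb for an `error`, and `%q` makes an empty scope or name visible instead of leaving two adjacent spaces in the message: `log.Fatalf("unable to create rolepermission %q %q: %v", scope, name, err)`. `main` starts well before the hunk; these are its closing braces.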