diff --git a/ex201/ex201.2.1/container_files/seed-data/bootstrap.gsh b/ex201/ex201.2.1/container_files/seed-data/bootstrap.gsh
index 0025a4e..72817d7 100644
--- a/ex201/ex201.2.1/container_files/seed-data/bootstrap.gsh
+++ b/ex201/ex201.2.1/container_files/seed-data/bootstrap.gsh
@@ -1,9 +1,48 @@ - GrouperSession.startRootSession() +addRootStem("201.2.1", "201.2.1") + +// should be a loader job? +addStem("ref", "employee", "employee") +fac_staff = addGroup("ref:employee", "fac_staff", "fac_staff") + +// Set ref object type on fac_staff reference group +AttributeDefName typeMarker = AttributeDefNameFinder.findByName("etc:objectTypes:grouperObjectTypeMarker", true); +AttributeAssign attributeAssign = fac_staff.getAttributeDelegate().hasAttribute(typeMarker) ? fac_staff.getAttributeDelegate().retrieveAssignments(typeMarker).iterator().next() : fac_staff.getAttributeDelegate().addAttribute(typeMarker).getAttributeAssign(); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeDirectAssignment", "true"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeName", "ref"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeDataOwner", +"HR and Provost Office"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeMembersDescription", +"All faculty and staff"); + +addStem("ref", "security", "security") +locked_by_ciso = addGroup("ref:security", "locked_by_ciso", "locked_by_ciso") +AttributeAssign attributeAssign = locked_by_ciso.getAttributeDelegate().hasAttribute(typeMarker) ? 
locked_by_ciso.getAttributeDelegate().retrieveAssignments(typeMarker).iterator().next() : locked_by_ciso.getAttributeDelegate().addAttribute(typeMarker).getAttributeAssign(); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeDirectAssignment", "true"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeName", "ref"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeDataOwner", +"CISO"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeMembersDescription", +"Subjects denied access by CISO"); + +addStem("ref", "iam", "iam") +closure = addGroup("ref:iam", "closure", "closure") +AttributeAssign attributeAssign = closure.getAttributeDelegate().hasAttribute(typeMarker) ? closure.getAttributeDelegate().retrieveAssignments(typeMarker).iterator().next() : closure.getAttributeDelegate().addAttribute(typeMarker).getAttributeAssign(); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeDirectAssignment", "true"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeName", "ref"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeDataOwner", +"IAM"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeMembersDescription", +"Accounts in the process of being closed"); -addStem("app", "vpn", "vpn") -addGroup("app:vpn", "vpn_authorized", "vpn_authorized") -addGroup("app:vpn", "vpn_allow", "vpn_allow") -addGroup("app:vpn", "vpn_deny", "vpn_deny") +addStem("org", "irb", "irb") +addStem("org:irb", "ref", "ref") +irb_members = addGroup("org:irb:ref", "irb_members", "irb_members") +AttributeAssign attributeAssign = irb_members.getAttributeDelegate().hasAttribute(typeMarker) ? 
irb_members.getAttributeDelegate().retrieveAssignments(typeMarker).iterator().next() : irb_members.getAttributeDelegate().addAttribute(typeMarker).getAttributeAssign(); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeDirectAssignment", "true"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeName", "ref"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeDataOwner", +"Institutional Review Board"); +attributeAssign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeMembersDescription", +"Members of the IRB"); -addComposite("app:vpn:vpn_authorized", CompositeType.COMPLEMENT, "app:vpn:vpn_allow", "app:vpn:vpn_deny") \ No newline at end of file diff --git a/ex201/ex201.2.end/container_files/seed-data/bootstrap.gsh b/ex201/ex201.2.end/container_files/seed-data/bootstrap.gsh index d1ce2b9..c06c515 100644 --- a/ex201/ex201.2.end/container_files/seed-data/bootstrap.gsh +++ b/ex201/ex201.2.end/container_files/seed-data/bootstrap.gsh 
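Review bot: The typed declaration `AttributeAssign attributeAssign = …` and the four `assignValue` calls after it are repeated verbatim for `fac_staff`, `locked_by_ciso`, `closure` and `irb_members`, so the same variable is declared four times in one script and any change to the object-type attributes has to be made in four places. A small helper that takes the group, the marker, the data owner and the members description would keep the four reference groups tagged identically; whether the shell accepts the repeated typed declaration cannot be told from the diff. The `// should be a loader job?` comment would read better as a stated decision or a TODO with an owner.

```groovy
// Tags a reference group with the "ref" object type, its data owner and a membership description.
void markAsRef(Group group, AttributeDefName typeMarker, String dataOwner, String membersDescription) {
  AttributeAssign assign = group.getAttributeDelegate().hasAttribute(typeMarker) ?
      group.getAttributeDelegate().retrieveAssignments(typeMarker).iterator().next() :
      group.getAttributeDelegate().addAttribute(typeMarker).getAttributeAssign();
  assign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeDirectAssignment", "true");
  assign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeName", "ref");
  assign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeDataOwner", dataOwner);
  assign.getAttributeValueDelegate().assignValue("etc:objectTypes:grouperObjectTypeMembersDescription", membersDescription);
}

// … unchanged: addRootStem, addStem/addGroup calls, typeMarker lookup …
markAsRef(fac_staff, typeMarker, "HR and Provost Office", "All faculty and staff")
markAsRef(locked_by_ciso, typeMarker, "CISO", "Subjects denied access by CISO")
markAsRef(closure, typeMarker, "IAM", "Accounts in the process of being closed")
markAsRef(irb_members, typeMarker, "Institutional Review Board", "Members of the IRB")
```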
@@ -1,30 +1,29 @@ - GrouperSession.startRootSession() +delStem("201.2.1") +addRootStem("201.2.end", "201.2.end") -//ex 201.2.2 -addStem("ref", "employee", "employee") -addGroup("ref:employee", "fac_staff", "fac_staff") -addMember("app:vpn:vpn_allow", "ref:employee:fac_staff") +addStem("app", "vpn", "vpn") +addStem("app:vpn", "service", "service") +addStem("app:vpn", "security", "security") +addStem("app:vpn:service", "policy", "policy") +addStem("app:vpn:service", "ref", "ref") +addStem("app:vpn:service", "attributes", "attributes") + +addGroup("app:vpn:service:policy", "vpn_authorized", "vpn_authorized") +addGroup("app:vpn:service:policy", "vpn_allow", "vpn_allow") +addGroup("app:vpn:service:policy", "vpn_deny", "vpn_deny") +addComposite("app:vpn:service:policy:vpn_authorized", CompositeType.COMPLEMENT, "app:vpn:service:policy:vpn_allow", "app:vpn:service:policy:vpn_deny") -addStem("ref", "security", "security") -addGroup("ref:security", "locked_by_cisco", "locked_by_cisco") -addMember("app:vpn:vpn_deny", "ref:security:locked_by_cisco") +addGroup("app:vpn:security", "vpnAdmins", "vpnAdmins") +addGroup("app:vpn:security", "vpnReaders", "vpnReaders") +addGroup("app:vpn:security", "vpnUpdaters", "vpnUpdaters") +grantPriv("app:vpn", "app:vpn:security:vpnAdmins", NamingPrivilege.STEM) -addStem("ref", "iam", "iam") -addGroup("ref:iam", "closure", "closure") -addMember("app:vpn:vpn_deny", "ref:iam:closure") +//ex 201.2.2 +addMember("app:vpn:service:policy:vpn_allow", "ref:employee:fac_staff") +addMember("app:vpn:service:policy:vpn_deny", "ref:security:locked_by_ciso") +addMember("app:vpn:service:policy:vpn_deny", "ref:iam:closure") //ex 201.2.3 -addStem("org", "irb", "irb") -addStem("org:irb", "ref", "ref") -addGroup("org:irb:ref", "irb_members", "irb_members") -addMember("app:vpn:vpn_allow", "org:irb:ref:irb_members") +addMember("app:vpn:service:policy:vpn_allow", "org:irb:ref:irb_members") addMember("org:irb:ref:irb_members", "jsmith") - -//ex 201.2.4 -addStem("ref", 
"app", "app") -addStem("ref:app", "vpn", "vpn") -addStem("ref:app:vpn", "etc", "etc") -addGroup("ref:app:vpn:etc", "vpn_admins", "vpn_admins") - -grantPriv("ref:app:vpn", "ref:app:vpn:etc:vpn_admins", NamingPrivilege.STEM) \ No newline at end of file
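Review bot: The `addMember` calls under `//ex 201.2.2` fill `vpn_allow` before `vpn_deny`, and the groups they reference (`ref:employee:fac_staff`, `ref:security:locked_by_ciso`, `ref:iam:closure`, `org:irb:ref:irb_members`) are no longer created in this file. If one of the deny sources is missing or still carries the old name `locked_by_cisco`, a partial run could leave `vpn_authorized` computed from a populated allow list and an incomplete deny list; how the shell reacts to a failed statement is not visible here. Moving the two `vpn_deny` lines ahead of the `vpn_allow` line and stating the prerequisite, e.g. `// requires the 201.2.1 seed: ref:employee:fac_staff, ref:security:locked_by_ciso, ref:iam:closure, org:irb:ref:irb_members`, makes an interrupted run fail closed. `vpnReaders` and `vpnUpdaters` are created without any `grantPriv`, which deserves a one-line comment if the grants are left to the exercise.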