diff --git a/startup_scripts/000_users.py b/startup_scripts/000_users.py
index cb04a16..446aaeb 100644
--- a/startup_scripts/000_users.py
+++ b/startup_scripts/000_users.py
@@ -20,25 +20,23 @@ with file.open('r') as stream:
           username = username,
           password = user_details.get('password', 0) or User.objects.make_random_password)
 
-        print("👤 Created user ",username)
+        print("👤 Created user",username)
 
         if user_details.get('api_token', 0):
           Token.objects.create(user=user, key=user_details['api_token'])
 
         yaml_permissions = user_details.get('permissions', [])
-        permission_object = user
+        subject = user.user_permissions
         if yaml_permissions:
-          permission_object.permissions.clear()
+          subject.clear()
           for yaml_permission in yaml_permissions:
             if '*' in yaml_permission:
-              permission_codename_function = 'codename__iregex'
-              permission_codename = '^' + yaml_permission.replace('*','.*') + '$'
+              permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
+              permissions = Permission.objects.filter(codename__iregex=permission_filter)
+              print("  ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
             else:
-              permission_codename_function = 'codename'
-              permission_codename = yaml_permission
+              permissions = Permission.objects.filter(codename=yaml_permission)
+              print("  ⚿ Granting permission", yaml_permission)
             
-            # supports non-unique permission codenames
-            for permission in eval('Permission.objects.filter(' + permission_codename_function + '=permission_codename)'):
-              permission_object.permissions.add(permission)
-
-          permission_object.save()
+            for permission in permissions:
+              subject.add(permission)
diff --git a/startup_scripts/010_groups.py b/startup_scripts/010_groups.py
index 990e065..0a35387 100644
--- a/startup_scripts/010_groups.py
+++ b/startup_scripts/010_groups.py
@@ -25,17 +25,17 @@ with file.open('r') as stream:
           user.groups.add(group)
 
       yaml_permissions = group_details.get('permissions', [])
-      permission_object = group
+      subject = group.permissions
       if yaml_permissions:
-        permission_object.permissions.clear()
+        subject.clear()
         for yaml_permission in yaml_permissions:
           if '*' in yaml_permission:
-            permission_codename_function = 'codename__iregex'
-            permission_codename = '^' + yaml_permission.replace('*','.*') + '$'
+            permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
+            permissions = Permission.objects.filter(codename__iregex=permission_filter)
+            print("  ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
           else:
-            permission_codename_function = 'codename'
-            permission_codename = yaml_permission
-          
-          # supports non-unique permission codenames
-          for permission in eval('Permission.objects.filter(' + permission_codename_function + '=permission_codename)'):
-            permission_object.permissions.add(permission)
+            permissions = Permission.objects.filter(codename=yaml_permission)
+            print("  ⚿ Granting permission", yaml_permission)
+
+          for permission in permissions:
+            subject.add(permission)