diff --git a/fas/fas/model.py b/fas/fas/model.py
index 9af25ed..c701fdd 100644
--- a/fas/fas/model.py
+++ b/fas/fas/model.py
@@ -62,6 +62,7 @@ GroupEmailsTable = Table('group_emails', metadata, autoload=True)
 GroupRolesTable = Table('group_roles', metadata, autoload=True)
 BugzillaQueueTable = Table('bugzilla_queue', metadata, autoload=True)
 LogTable = Table('log', metadata, autoload=True)
+RequestsTable = Table('requests', metadata, autoload=True)
 #
 # Selects for filtering roles
@@ -331,7 +332,13 @@ class BugzillaQueue(SABase):
 pass
 class Log(SABase):
- '''Write simple logs of changesto the database.'''
+ '''Write simple logs of changes to the database.'''
+ pass
+
+class Requests(SABase):
+ '''
+ Requests for certain resources may be restricted based on the user or host.
+ '''
 pass
 #
@@ -431,6 +438,9 @@ mapper(Log, LogTable, properties = {
 ### TODO: test to be sure SQLAlchemy only loads the backref on demand
 'author': relation(People, backref='changes')
 })
+mapper(Requests, RequestsTable, properties = {
+ 'person': relation(People, backref='requests')
+ })
 # TurboGears Identity
 mapper(Visit, visits_table)
diff --git a/fas/fas/safasprovider.py b/fas/fas/safasprovider.py
index 4572247..c425096 100644
--- a/fas/fas/safasprovider.py
+++ b/fas/fas/safasprovider.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright © 2007 Red Hat, Inc. All rights reserved.
+# Copyright © 2007-2008 Red Hat, Inc. All rights reserved.
 #
 # This copyrighted material is made available to anyone wishing to use, modify,
 # copy, or redistribute it subject to the terms and conditions of the GNU
diff --git a/fas/fas2.sql b/fas/fas2.sql
index 031ae1e..7d598f9 100644
--- a/fas/fas2.sql
+++ b/fas/fas2.sql
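Review bot: The docstring added in the `class Requests(SABase)` hunk says only that access "may be restricted", not what a row decides or how it is keyed, although the DDL for the mapped `requests` table in this same commit does: one row per (person, hostname, ip, action), granted only when `approved` is true, denied when it is false or NULL. Because this class is what application code reads to make an access decision, the fail-closed rule should be visible on the class rather than only in the SQL comment. Suggested replacement docstring: `'''One access-control decision for a (person, hostname, ip, action) tuple. The request is granted only when approved is true; false or NULL denies.'''`. The `'person'` relation in the later mapper hunk could be mentioned there too, so callers know `Requests.person` is the `People` row being authorised.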
@@ -216,6 +216,34 @@ create table log (
 create index log_changetime_idx on log(changetime);
 cluster log_changetime_idx on log;
+--
+-- This table allows certain services to be restricted by hostname/ip/person.
+--
+-- Any time a request for a restricted action is requested, the FAS server
+-- consults this table to see if the user@(hostname/ip) is allowed to access
+-- the resource. If approved is true, the request is granted. If false or
+-- null, the request is denied.
+--
+-- New records are created when a request is first made by a specific
+-- username@(hostname/id)
+--
+create table requests (
+ id serial primary key,
+ person_id INTEGER not null references people(id),
+ hostname TEXT not null,
+ ip TEXT not null,
+ action TEXT not null default 'trust_all',
+ last_request TIMESTAMP default now() not null,
+ approved boolean,
+ unique (person_id, hostname, ip, action)
+);
+
+create index requests_last_request_idx on requests(last_request);
+create index hostname_idx on requests(hostname);
+create index ip_idx on requests(ip);
+create index person_id_idx on requests(person_id);
+cluster requests_last_request_idx on requests;
+
 --
 -- turbogears session tables
 --
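Review bot: The fail-closed rule the comment states ("If false or null, the request is denied") is enforced nowhere in the schema, because `approved boolean` in `create table requests` is nullable with no default, so every reader of this column has to remember that NULL means deny; a single loose truthiness check in the application would grant access. If NULL is not meant to carry a separate "pending" meaning, declare it `approved boolean not null default false,` so a freshly created row is denied by construction; if it is, spell out that tri-state in the table comment. `ip TEXT not null` also lets one address be stored in several spellings (mapped IPv4, leading zeros, case), which produces separate rows and separate approval decisions under `unique (person_id, hostname, ip, action)` — the PostgreSQL `inet` type, `ip INET not null,`, normalises it. Both `hostname` and `ip` presumably arrive with the request, so an approval is only as strong as the server's own resolution of them; worth stating in the comment. The comment's `username@(hostname/id)` looks like a typo for `(hostname/ip)`.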