The only solution I see currently is to do a hack and build the sorted list in tcl after querying all the rows from both tables - ugh. Given that there will never be many entries in these tables it won't be a performance problem, but it's very ugly.
I wonder why the datamodel was created that way in the first place - would there have been any problem just adding a parent_privilege field to acs_privileges which would have been null in case of a root node?
