[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Intentions behind role 'inventory_adjust' vs 'inventory_reports'

Hi David,

On Sun, Apr 16, 2017 at 3:14 AM, David G <..hidden..> wrote:
Seeing this email I'm thinking your throw-away comment in #ledgersmb has merit. Seems like we need a roles/permissions editor for use at a dev level.

Yes. I'm thinking we need a matrix which cross-references database objects (tables, functions, sequences, ...) with role permissions; both what's directly assigned and in a "see through" mode where role-nesting is unfolded and the inherited permissions become visible.
Off hand I'd think we may want to revisit the permissions ecosystem possibly increasing its granularity and as we would now have an editor include virtual roles/permissions.

With 129 roles, I'm not sure we need finer grained granularity. What I'm 100% sure of is that we need to document the intent of each of these roles. That is: which functions in the application should become available when a person/group is being assigned that role?
Then at the instance and company levels allow roles/permissions to be selected as active/inactive so only the ones relevant to a company/instance are displayed in the UI

Actually, that takes my concept of "editors" a bit further: when you write this, I envision functionalities in the application to be gouped into features. The composition of these features would work along the same lines as the assignment of database objects to roles: a matrix would list application level objects such as roles and menu items. Then, availability of these objects in each feature is assigned using the matrix. Here, I'm not seeing necessity for nesting, but maybe the concept should still allow it.

My idea would be that the "database objects"->roles and "application objects"->features should be development tools. However, the first can also be used to assign individual roles to role groups, which would be an application admin function.



Today I'm trying to finish my tests for the inventory reports by creating a few BDD tests (I already had the database tests) for the reporting functionality.

Now, I try to run the tests using the minimal role set required for the functionality. However, I'm finding that I have a problem: I want to use the 'Search' function in the Goods and Services menu because it lists (among other things) the "On Hand" amount.

Granting my test user the "inventory_adjust" permission doesn't give access to the Search "report" output. Nor does "inventory_reports" (which provides access to the activity report and the inventory and cogs report).

The 'search' node seems to be part of the 'part_edit' role only.

I'm a bit lost here, trying to understand what the correct role would be for users who want to do the activities involved in inventory maintenance (searching for parts, inspecting parts, inspecting on-hand amounts, entering new inventory counts, ....).






http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Ledger-smb-devel mailing list