Goal

To keep the stock scope simple for 3.1, the goal is to follow the pattern in Requisition to create similar Rights (permissions) that will be used by Stock in 3.1. This includes using the existing Requisition Groups, Supervisory Nodes, and applying facility-specific permissions. This wiki page was originally created to design that in response to ticket .

See the Role Based Access Control page for more background on the different types of rights and roles.

Rights and Roles

STOCK_INVENTORIES_EDIT (supervision type):
A user with this right can create a physical inventory and can submit a physical inventory within a specific Program and HomeFacility/Node. What we mean by "HomeFacility/Node" is that this right, just like any supervision type right, is assigned for a single Program along with either the users home facility or a supervisory node. If assigned for a Supervisory Node, the permissions apply to all facilities below that node in the hierarchy. The right only works with a single Program. So if a user should have permissions to conduct physical inventories for multiple programs, you would need to assign the right individually for each program to that user.

Applies to:

• • POST /api/physicalInventories
    
  • POST /api/physicalInventories/draft
    
  • GET /api/physicalInventories/draft
    

STOCK_INVENTORIES_VIEW (supervision type):
A user with this right gets view permissions to view (and print) any submitted and past/historical physical inventories with a specific Program and Node. This right does not give users the ability to view drafts.

Applies to:

• • GET /api/physicalInventories (IF Stock 3.1 includes this endpoint to provides views of historical physical inventories)
    

STOCK_ADJUST (supervision type):
A user with this right can make a stock adjustment, potentially altering the SOH, for any Orderable that is part of a specific Program and HomeFacility/Node.

Applies to:

• • Making adjustments
    

STOCK_CARDS_VIEW (supervision type):
Can view all the stock cards and line items for any Orderable that is part of a specified Program and HomeFacility/Node.

Applies to:

• • Viewing the stock card with all its line items, including all historical line items, and printing
    
  • Viewing and printing an SOH summary showing a stock card's SOH
    

NOT in v3.1

• Creating a Stock Card: This is not a right, because we expect the system will create a stock card on-the-fly on an as-needed basis. This might happen during a physical inventory, or even while recording an adjustment. The other rights cover those cases. For example, if a user can adjust stock for Program A at Facility Z, then their activities in the system can also result in creation of a stock card at A and Z.
  
• Editing a Stock Card: This is not a right, because currently there is nothing to edit. The stock card has no fields other than its identification as a combination of a Program, Product (Orderable) and Facility. It also has Line Items, but those are covered above.
  
• Issuing and Receiving: There are not specific rights for this. We may decide in the future to create a new right when this functionality is added.
  
• Receiving by POD: (also not in scope yet)

Open Questions

1. Do we need any other mechanisms for users to see across multiple programs? or across multiple facilities? The scheme would require assigning multiple rights if the user needed permissions to multiple facilities. The scheme above would involve using supervisory nodes to give permissions to multiple facilities (any section of the supervisory hierarchy).
   
   1. Proposed Answer: This is good enough for now. It is a little clunky, because there is no way to say "assign this user for ALL programs at Facility X". But that's okay.
2.