i have assigned “manager” role to the user for the location. I still see that he is able to create Product group, Product association, Product component etc. This is expected for the Product manager role.
is it correct, that it is currently not possible to assign roles for other location types than depot? So there is no real use for zones in terms of functionality?
there are more roles in the app than listed it he article above - are they explained anywhere?
PS: got funny error while posting the topic “user role model”
An error occurred: Title seems unclear, most of the words contain the same letters over and over?
For question 1, what are the users global permissions? If the user has “admin” or “superuser” as their default role, they cannot be downgraded within a given location. You would instead need to set their default role as the lowest possible role in any location (so manager, browser, or no access) and upgrade the user by location. It’s also worth noting that because products are global, if you give someone access to products in one location, you are essentially giving them access in every location. The system should hide the product functionality in a location where you dont have that access, but there may be areas where it isnt hidden completely.
That is essentially correct. You can set up e-request permissions on a ward, but that is the only exception to the rule. Zones only function as an organizing unit for bins. You can sort/group by them in most screens, the pdf pick and pack lists are separated by them, but they dont have any of the functionality associated with depots or other locations.
I just published an updated version of that article with some added descriptions. The roles that are still not documented are assistant and notifications. Assistant is between a browser and manager, but it hasn’t been well maintained so we would need to re-test what is included there. Notifications similarly have not been maintained and are only partly functional. I would recommend avoiding those permission sets unless you are willing to do your own QA. You might also find this article useful: Configure users and roles
Hope that helps! Let me know if you have more questions. Our permission system is long overdue for a revamp.
so this means if we would like to limit access for some users to some portions of the stock (in our case there are depots split into different zones based on the business areas) we will have to create different depots.
Yes! It can be annoying but we do a lot of this in our implementation and it works just fine as long as you arent transferring between the zones constantly. We do it for heavily controlled grants - every grant has a separate virtual depot representing the stock for that grant, with everything in the same physical building grouped by location group. You can use inventory by location report to get a combined report of all of the zones.