The Seed-to-Sale software provides a menu of default security roles that determine the modules and functions users can access depending on their position or rank. Administrators can customize these roles, or create new roles altogether, to better suit the needs of their facility. However, Ample Organics recommends the licence holder adhere as closely as possible to the default security roles.
Select a security role from the list below to read a brief description and a list of permissions associated with the role.
Admin
The Admin security role grants the user access to all functions across the Seed-to-Sale platform and Gun App. An Admin user is the only role with access to the User Management tab in the Settings module, where they can create new users, assign security roles, and customize available security roles and their associated permissions. Ample Organics suggests that licence holders limit Admin access to select high-ranking managers.
Permissions
The Admin security role includes all permissions.
| Permission Name | Description |
| address_archive | Grants permission to delete a vendor address in the Wholesale application. |
| address_update | Grants permission to create or update a vendor address in the Wholesale application. |
| address_read | Grants permission to delete a vendor address in the Wholesale application. |
| ample_care_read | Grants permission to view and open the AmpleCare tab in the Clients module. |
| ample_care_update | Grants permission to update existing clients through AmpleCare. |
| ample_care_create | Grants permission to accept or reject a new client or prescription though AmpleCare. |
| batch_update | Grants permission to update batches. This includes splitting or combining batches, opening a batch for harvest, marking a batch for wholesale, and destroying or restoring batch waste. |
| batch_create | Grants permission to create batches. This includes creating a new batch via splitting. |
| batch_read | Grants permission to view batch information. |
| batch_archive | Grants permission to archive batches. |
| reclaim_bottles_create | Grants permission to reclaim bottles. |
| bulk_lot_transfer | Grants permission to transfer weight between Bulk Lots. |
| bulk_lot_archive | Grants permission to archive Bulk Lots. |
| bulk_lot_update_name | Grants permission to update a Bulk Lot's name |
| bulk_lot_split | Grants permission to split Bulk Lots. |
| call_log_destroy | Grants permission to delete call logs. |
| call_log_update | Grants permission to update call logs. |
| call_log_create | Grants permission to create call logs. |
| call_log_read | Grants permission to view the Call Logs tab in the Clients module. |
| casing_run_read | Grants permission to view the Casing Runs tab in the Products module, and generate casing records. |
| casing_run_restock | Grants permission to restock cases. |
| casing_run_create | Grants permission to create Casing Runs. |
| client_delete | Grants permission to delete clients. |
| client_update_client_id | Grants permission to update a client's ID string, which serves as the client's username on the Client Portal. |
| client_create | Grants permission to create new clients, configure medical profiles, create new prescriptions, and create new registrations via amendment. |
| client_read | Grants permission to view client information. |
| client_update | Grants permission to update clients. This includes adding or removing clients from sales channels and sending emails through the Email Logs tab. |
| client_archive | Grants permission to archive clients and their associated registrations. |
| complaint_create | Grants permission to create complaints. |
| complaint_archive | Grants permission to archive complaints. |
| complaint_update | Grants permission to update complaints. This includes adding entries in the Pertains To section. |
| complaint_read | Grants permission to view the Complaints module, download Complaint PDF reports, and access Complaints Reports in the Reports module. |
| credit_card_create | Grants permission to log credit card information. |
| credit_card_destroy | Grants permission to delete credit card information. |
| destruction_lot_read | Grants permission to view the Destruction module and Destruction Lot information. |
| destruction_lot_archive | Grants permission to archive Destruction Lots and sublots. |
| destruction_lot_create | Grants permission to create Destruction Lots and sublots. |
| destruction_lot_update | Grants permission to update Destruction Lots and sublots. This includes closing, reopening, and destroying lots. |
| device_create | Grants permission to add scales, printers, and other devices. |
| device_update | Grants permission to update scale, printer, and other device information. |
| discount_code_update | Grants permission to update discounts. |
| discount_code_create | Grants permission to create discounts. |
| discount_code_read | Grants permission to view discount information. |
| discount_code_archive | Grants permission to archive discounts. |
| apply_discount | Grants permission to apply manual discounts to orders. |
| apply_discount_code | Grants permission to apply a discount code to an order. |
| discount_type_create | Grants permission to create discount types. |
| discount_type_read | Grants permission to view discount types. |
| document_destroy | Grants permission to destroy documents. |
| facility_information_read | Grants permission to view facility information in the Reports module's Settings tab. |
| facility_information_update | Grants permission to update facility information on the Reports module's Settings tab. |
| harvest_create | Grants permission to create harvests. |
| harvest_archive | Grants permission to archive harvests. |
| harvest_update | Grants permission to update harvests. This includes harvesting plants, outputting harvest weight to a Bulk Lot, destroying harvest waste, and closing or reopening harvests. |
| harvest_read | Grants permission to view harvest information. |
| lab_report_archive | Grants permission to archive lab reports. |
| lab_report_update | Grants permission to update lab reports. This includes updating lab report information, setting a public COA document, and setting a lab report as active. |
| lab_report_create | Grants permission to create lab reports. |
| lab_report_read | Grants permission to view lab report information. |
| location_archive | Grants permission to archive locations. |
| location_create | Grants permission to create locations. This includes both grow rooms and vault locations/picking bins. |
| location_read | Grants permission to view location information and print location labels. |
| location_update | Grants permission to update locations. |
| loyalty_point_destroy | Grants permission to destroy loyalty points. |
| loyalty_point_create | Grants permission to create loyalty points. |
| loyalty_point_update | Grants permission to update loyalty points. |
| archive_all_orders | Grants permission to archive all Shipped or Delivered orders. |
| order_create | Grants permission to create orders. |
| order_read | Grants permission to view the Orders module and order information. |
| order_update | Grants permission to update orders. This includes adding order items, selecting shipping options, applying policy coverage, applying line item discounts, and generating receipts. |
| order_archive | Grants permission to archive a Purchase Order. |
| order_discounts | Grants permission to apply discounts to orders. |
| order_refund | Grants permission to refund orders, including shipping costs. |
| order_return_bottles_when_shipped | Grants permission to return bottles. |
| order_set_delivered | Grants permission to set an order's status to Delivered. |
| order_placed_reset | Grants permission to reset an order to the Placed status. |
| packaging_run_archive | Grants permission to delete Packaging Runs. |
| packaging_run_update | Grants permission to close and reopen Packaging Runs. |
| packaging_run_set_release | Grants permission to release Packaging Runs. |
| packaging_run_move | Grants permission to move Packaging Runs between SKUs. |
| packaging_run_create | Grants permission to create Packaging Runs and Mass Packaging Runs. |
| packaging_run_read | Grants permission to generate a Packaging Run's bottling record. |
| permission_destroy | Grants permission to delete permissions. |
| permission_read | Grants permission to view the menu of permissions. |
| permission_update | Grants permission to update permissions. |
| permission_create | Grants permission to create permissions. |
| physician_update | Grants permission to update or disable physicians. |
| physician_archive | Grants permission to archive and restore physicians. |
| physician_create | Grants permission to create physicians. |
| physician_read | Grants permission to view physician information. |
| plant_read | Grants permission to view plant information and print plant labels. |
| plant_create | Grants permission to create plants. |
| plant_restore | Grants permission to restore destroyed plants or plant waste. |
| plant_archive | Grants permission to destroy plants. |
| plant_update | Grants permission to update individual plants. This includes moving a plant, advancing a plant, marking a plant for wholesale, and updating a plant's mother status. |
| policy_update | Grants permission to update client policies. |
| policy_unarchive | Grants permission to unarchive client policies. |
| policy_archive | Grants permission to archive and unarchive client policies. |
| policy_create | Grants permission to create client policies. |
| policy_type_update | Grants permission to update policy types. |
| policy_type_create | Grants permission to create policy types. |
| policy_type_archive | Grants permission to archive and unarchive policy types. |
| prescription_update | Grants permission to update, archive, and disable prescriptions. |
| prescription_destroy | Grants permission to delete prescriptions. |
| product_read | Grants permission to view product information, print product labels, and generate product reports. |
| product_create | Grants permission to create product types, products, and SKUs. |
| product_archive | Grants permission to archive products. |
| product_update | Grants permission to update product types, products, and SKUs. |
| production_update | Grants permission to update a production's name. |
| production_archive | Grants permission to archive and restore productions. |
| production_create | Grants permission to create productions. |
| production_read | Grants permission to view the Productions index and Production Profiles. |
| purchase_order_create | Grants permission to view, create, and update Payment Terms. |
| qa_release | Grants permission to release or unrelease Bulk Lots. |
| received_inventory_create | Grants permission to create Received Inventories. |
| received_inventory_update | Grants permission to update Received Inventories. This includes returning the inventory |
| received_inventory_finish | Grants permission to mark a Received Inventory as Finished. |
| received_inventory_release | Grants permission to release Received Inventories. |
| report_received_inventory_read | Grants permission to generate the Received Inventory report. |
| received_inventory_revert | Grants permission to revert Received Inventory. |
| received_inventory_read | Grants permission to view the Received Inventory tab in the Products module. |
| refusal_create | Grants permission to refuse clients and orders. |
| refusal_update | Grants permission to update order or client refusals. |
| report_product_read | Grants permission to run product reports. |
| report_order_read | Grants permission to run order reports. |
| report_inventory_read | Grants permission to run inventory reports. |
| report_hc_read | Grants permission to run Health Canada reports, including the CTLS and CRA reports. |
| report_complaint_read | Grants permission to run complaints reports. |
| report_grow_read | Grants permission to run reports on grow room materials. |
| report_client_read | Grants permission to run client reports. |
| report_physician_read | Grants permission to run physician reports. |
| retention_sample_create | Grants permission to create retention samples. |
| retention_sample_destroy | Grants permission to destroy retention samples. |
| retention_sample_read | Grants permission to view retention samples and print retention sample labels. |
| retention_sample_update | Grants permission to update retention samples. |
| returned_grams_update | Grants permission to update or delete a returned grams record. |
| returned_grams_create | Grants permission to return grams to a patient's prescription. |
| returned_grams_delete | Grants permission to delete a returned grams record. |
| sales_channel_update | Grants permission to update sales channels. This includes adding products or clients to a sales channel from the Settings module. |
| sales_channel_archive | Grants permission to archive sales channels. |
| sales_channel_read | Grants permission to view sales channel information. |
| sales_channel_create | Grants permission to create sales channels. |
| sales_order_read | Grants permission to view Sales Order information. |
| sales_order_create | Grants permission to create Sales Orders. |
| sales_order_update | Grants permission to update Sales Orders. |
| security_role_create | Grants permission to create security roles. |
| security_role_destroy | Grants permission to delete security roles. |
| security_role_update | Grants permission to update or archive security roles. |
| security_role_read | Grants permission to view security role information. |
| seed_lot_update | Grants permission to update Seed Lots. This includes moving lots, adding seeds to lots, and moving seeds between lots. |
| seed_lot_create | Grants permission to create Seed Lots. |
| seed_lot_read | Grants permission to view Seed Lot information and print Seed Lot labels. |
| seed_lot_archive | Grants permission to destroy seeds. |
| setting_update | Grants permission to update lab report threshold defaults. |
| shipment_batch_read | Grants permission to view shipment batch information and generate scan forms. |
| shipment_batch_update | Grants permission to update shipment batches. This includes adding and removing orders. |
| shipment_batch_archive | Grants permission to archive shipment batches. |
| shipment_batch_create | Grants permission to create shipment batches. |
| shipment_read | Grants permission to view shipment information. |
| shipment_update | Grants permission to update shipments in the Wholesale application. |
| shipment_create | Grants permission to create shipments in the Wholesale application. |
| strain_update | Grants permission to update cannabis strains. |
| strain_create | Grants permission to add cannabis strains. |
| strain_read | Grants permission to view cannabis strain information. |
| strain_archive | Grants permission to archive cannabis strains. |
| tote_update | Grants permission to update totes. |
| tote_create | Grants permission to create totes. |
| tote_read | Grants permission to view tote information. |
| tote_destroy | Grants permission to delete totes. |
| report_user_admin_read | Grants permission to generate the User Admin report. |
| user_destroy | Grants permission to disable and enable users. |
| user_create | Grants permission to create user accounts. |
| user_update | Grants permission to update users. This includes resetting a user's password and adjusting a user's security roles. |
| user_read | Grants permission to view user information. |
| vendor_archive | Grants permission to archive vendors in the Wholesale application. |
| vendor_read | Grants permission to view vendor information and vendor contact information. |
| vendor_update | Grants permission to update vendors and vendor contacts. |
| website_update | Grants permission to update or archive vendor websites. |
| website_read | Grants permission to view vendor website information. |
| website_create | Grants permission to add vendor websites. |
| weight_event_create | Grants permission to create manual weight events. |
| work_order_close | Grants permission to close Work Orders. |
| work_order_create | Grants permission to create Work Orders. This includes adding additional inputs to existing Work Orders. |
| work_order_update | Grants permission to update Work Orders. |
| work_order_finalize | Grants permission to finalize Work Orders. |
| tax_type_create | Grants permission to create a tax type in the Wholesale application. |
| tax_type_read | Grants permission to view tax type information. |
| tax_type_update | Grants permission to update or archive tax types. |
CSR
The CSR security role is designed for the licence holder's team of Customer Service Representatives-or CSRs-and allows the user access to essential customer service functions in the Clients and Orders modules.This enables a user to create and manage Client Profiles, record customer complaints, and create and process orders. The CSR security role also grants the user complete access to the Discounts module, to create and modify discounts. Additionally, the user has access to the Physicians tab in the Medical Settings module, which allows them to add to and edit the index of prescribing physicians.
Permissions
| Permission Name | Description |
| complaint_update | Grants permission to update complaints. This includes adding entries in the Pertains To section. |
| complaint_create | Grants permission to create complaints. |
| complaint_read | Grants permission to view the Complaints module, download Complaint PDF reports, and access Complaints Reports in the Reports module. |
| sales_channel_read | Grants permission to view sales channel information. |
| order_read | Grants permission to view the Orders module and order information. |
| order_create | Grants permission to create orders. |
| order_update | Grants permission to update orders. This includes adding order items, selecting shipping options, applying policy coverage, applying line item discounts, and generating receipts. |
| client_read | Grants permission to view client information. |
| client_create | Grants permission to create new clients, configure medical profiles, create new prescriptions, and create new registrations via amendment. |
| client_update | Grants permission to update clients. This includes adding or removing clients from sales channels and sending emails through the Email Logs tab. |
| client_archive | Grants permission to archive clients and their associated registrations. |
| product_read | Grants permission to view product information, print product labels, and generate product reports. |
| order_discounts | Grants permission to apply discounts to orders. |
| prescription_destroy | Grants permission to delete prescriptions. |
| physician_create | Grants permission to create physicians. |
| physician_read | Grants permission to view physician information. |
| physician_update | Grants permission to update or disable physicians. |
| physician_archive | Grants permission to archive and restore physicians. |
| production_read | Grants permission to view the Productions index and Production Profiles. |
| discount_code_create | Grants permission to create discounts. |
| discount_code_read | Grants permission to view information in the Discounts module. |
| discount_code_update | Grants permission to update discounts. |
| discount_code_archive | Grants permission to archive discounts. |
| apply_discount | Grants permission to apply manual discounts to orders. |
| apply_discount_code | Grants permission to apply a discount code to an order. |
CSR Super
The CSR Super security role is designed for the licence holder's Customer Service Manager(s), and grants the user access to extended customer service functions. In addition to the permissions granted by the standard CSR security role, a CSR Super user has the authority to delete unapproved clients, update prescription information, and refund orders. The CSR Super security role also affords the user access to the Products module, where they can independently create new products and SKUs, and enables the user to create and modify sales channels in the Settings module. CSR Super is the only role, aside from Admin, with access to AmpleCare.
Permissions
| Permission Name | Description |
| complaint_update | Grants permission to update complaints. This includes adding entries in the Pertains To section. |
| complaint_create | Grants permission to create complaints. |
| complaint_read | Grants permission to view the Complaints module, download Complaint PDF reports, and access Complaints Reports in the Reports module. |
| order_read | Grants permission to view the Orders module and order information. |
| order_create | Grants permission to create orders. |
| order_update | Grants permission to update orders. This includes adding order items, selecting shipping options, applying policy coverage, applying line item discounts, and generating receipts. |
| client_read | Grants permission to view client information. |
| client_create | Grants permission to create new clients, configure medical profiles, create new prescriptions, and create new registrations via amendment. |
| client_update | Grants permission to update clients. This includes adding or removing clients from sales channels and sending emails through the Email Logs tab. |
| client_archive | Grants permission to archive clients and their associated registrations. |
| client_delete | Grants permission to delete clients. |
| product_read | Grants permission to view product information, print product labels, and generate product reports. |
| product_create | Grants permission to create product types, products, and SKUs. |
| product_archive | Grants permission to archive products. |
| product_update | Grants permission to update product types, products, and SKUs. |
| order_discounts | Grants permission to apply discounts to orders. |
| sales_channel_read | Grants permission to view sales channel information. |
| sales_channel_update | Grants permission to update sales channels. This includes adding products or clients to a sales channel from the Settings module. |
| sales_channel_archive | Grants permission to archive sales channels. |
| sales_channel_create | Grants permission to create sales channels. |
| prescription_destroy | Grants permission to delete prescriptions. |
| prescription_update | Grants permission to update, archive, and disable prescriptions. |
| order_refund | Grants permission to refund orders, including shipping costs. |
| physician_create | Grants permission to create physicians. |
| physician_read | Grants permission to view physician information. |
| physician_update | Grants permission to update or disable physicians. |
| physician_archive | Grants permission to archive and restore physicians. |
| document_destroy | Grants permission to destroy documents. |
| production_read | Grants permission to view the Productions index and Production Profiles. |
| discount_code_create | Grants permission to create discounts. |
| discount_code_read | Grants permission to view information in the Discounts module. |
| discount_code_update | Grants permission to update discounts. |
| discount_code_archive | Grants permission to archive discounts. |
| apply_discount | Grants permission to apply manual discounts to orders. |
| apply_discount_code | Grants permission to apply a discount code to an order. |
| ample_care_read | Grants permission to view and open the AmpleCare tab in the Clients module. |
| ample_care_update | Grants permission to update existing clients through AmpleCare. |
| ample_care_create | Grants permission to accept or reject a new client or prescription though AmpleCare. |
Vault
The Vault security role is designed for the licence holder's team of Packaging Associates and Fulfillment Associates, and grants the user access to essential packaging and shipping functions in the Productions and Shipping modules on the Seed-to-Sale platform, as well as to Packaging Runs and Order Fulfillment on the Gun App. This enables the user to organize bulk cannabis into totes, create Packaging Runs and Mass Packaging Runs, fulfill orders, and create and modify shipment batches. A Vault user can also move Packaging Runs between SKUs. Additionally, users with the Vault security role can view information in the Clients, Products, Orders, and Medical Settings modules, but the role restricts the user from altering data.
Permissions
| Permission Name | Description |
| production_read | Grants permission to view the Productions index and Production Profiles. |
| product_read | Grants permission to view product information, print product labels, and generate product reports. |
| order_read | Grants permission to view the Orders module and order information. |
| client_read | Grants permission to view client information. |
| packaging_run_create | Grants permission to create Packaging Runs and Mass Packaging Runs. |
| archive_all_orders | Grants permission to archive all Shipped or Delivered orders. |
| physician_read | Grants permission to view physician information. |
| tote_create | Grants permission to create totes. |
| tote_update | Grants permission to update totes. |
| tote_read | Grants permission to view tote information. |
| sales_channel_read | Grants permission to view sales channel information. |
| shipment_batch_create | Grants permission to create shipment batches. |
| shipment_batch_read | Grants permission to view shipment batch information and generate scan forms. |
| shipment_batch_update | Grants permission to update shipment batches. This includes adding and removing orders. |
| shipment_batch_archive | Grants permission to archive shipment batches. |
| packaging_run_move | Grants permission to move Packaging Runs between SKUs. |
Vault Super
The Vault Super security role is designed for Packaging and Fulfillment managers and supervisors, and grants the user complete access to packaging and shipping functions in the Productions and Shipping modules on the Seed-to-Sale platform, as well as the Packaging Runs and Order Fulfillment modules on the Gun App. In addition to the permissions granted by the standard Vault security role, a Vault Super user can update lab reports, destroy documents, and create and modify retention samples, vault locations, and picking bins in the Productions module. The Vault Super security role also affords the user access to the Products module, where they can independently create new products and SKUs. Vault Super is the only role, aside from Admin, with permission to archive or delete Packaging Runs.
Permissions
| Permission Name | Description |
| packaging_run_create | Grants permission to create Packaging Runs and Mass Packaging Runs. |
| product_read | Grants permission to view product information, print product labels, and generate product reports. |
| product_create | Grants permission to create product types, products, and SKUs. |
| product_archive | Grants permission to archive products. |
| product_update | Grants permission to update product types, products, and SKUs. |
| production_read | Grants permission to view the Productions index and Production Profiles. |
| production_create | Grants permission to create productions. |
| production_update | Grants permission to update a production's name. |
| production_archive | Grants permission to archive and restore productions. |
| weight_event_create | Grants permission to create manual weight events. |
| client_read | Grants permission to view client information. |
| order_read | Grants permission to view the Orders module and order information. |
| sales_channel_read | Grants permission to view sales channel information. |
| packaging_run_update | Grants permission to close and reopen Packaging Runs. |
| packaging_run_read | Grants permission to generate a Packaging Run's bottling record. |
| packaging_run_archive | Grants permission to delete Packaging Runs. |
| lab_report_update | Grants permission to update lab reports. This includes updating lab report information, setting a public COA document, and setting a lab report as active. |
| archive_all_orders | Grants permission to archive all Shipped or Delivered orders. |
| physician_read | Grants permission to view physician information. |
| document_destroy | Grants permission to destroy documents. |
| packaging_run_move | Grants permission to move Packaging Runs between SKUs. |
| shipment_batch_create | Grants permission to create shipment batches. |
| shipment_batch_read | Grants permission to view shipment batch information and generate scan forms. |
| shipment_batch_update | Grants permission to update shipment batches. This includes adding and removing orders. |
| shipment_batch_archive | Grants permission to archive shipment batches. |
| tote_create | Grants permission to create totes. |
| tote_update | Grants permission to update totes. |
| tote_destroy | Grants permission to delete totes. |
| tote_read | Grants permission to view tote information. |
| retention_sample_create | Grants permission to create retention samples. |
| retention_sample_read | Grants permission to view retention samples and print retention sample labels. |
| retention_sample_update | Grants permission to update retention samples. |
| retention_sample_destroy | Grants permission to destroy retention samples. |
| location_create | Grants permission to create locations. This includes both grow rooms and vault locations/picking bins. |
| location_read | Grants permission to view location information and print location labels. |
| location_update | Grants permission to update locations. |
| location_archive | Grants permission to archive locations. |
| destruction_lot_read | Grants permission to view the Destruction module and Destruction Lot information. |
| received_inventory_read | Grants permission to view the Received Inventory tab in the Products module. |
| received_inventory_release | Grants permission to release Received Inventories. |
| received_inventory_update | Grants permission to update Received Inventories. This includes returning the inventory. |
| received_inventory_revert | Grants permission to revert Received Inventory. |
| received_inventory_create | Grants permission to create Received Inventories. |
| report_received_inventory_read | Grants permission to generate the Received Inventory report. |
QA
The QA security role is designed for the licence holder's Quality Assurance team, and grants the user access to basic QA functions in the Productions module. This enables the user to create and update lab reports, create and update retention samples, and manually create weight events. A QA user also has limited access to the Complaints module, where they can view, create, and update complaints from clients. Additionally, the QA security role allows the user to view information in the Clients, Orders, Products, Medical Settings, and Destruction modules, but restricts the user from altering data.
Permissions
| Permission Name | Description |
| complaint_update | Grants permission to update complaints. This includes adding entries in the Pertains To section. |
| complaint_create | Grants permission to create complaints. |
| complaint_read | Grants permission to view the Complaints module, download Complaint PDF reports, and access Complaints Reports in the Reports module. |
| lab_report_create | Grants permission to create lab reports. |
| lab_report_update | Grants permission to update lab reports. This includes updating lab report information, setting a public COA document, and setting a lab report as active. |
| retention_sample_create | Grants permission to create retention samples. |
| retention_sample_read | Grants permission to view retention samples and print retention sample labels. |
| retention_sample_update | Grants permission to update retention samples. |
| sales_channel_read | Grants permission to view sales channel information. |
| order_read | Grants permission to view the Orders module and order information. |
| client_read | Grants permission to view client information. |
| production_read | Grants permission to view the Productions index and Production Profiles. |
| product_read | Grants permission to view product information, print product labels, and generate product reports. |
| physician_read | Grants permission to view physician information. |
| weight_event_create | Grants permission to create manual weight events. |
| destruction_lot_read | Grants permission to view the Destruction module and Destruction Lot information. |
QA Super
The QA Super security role is designed for Quality Assurance managers and supervisors, and grants the user complete access to all QA functions in the Productions module. In addition to the permissions granted by the standard QA security role, a QA Super user has the authority to create and modify Productions and Bulk Lots, create and modify vault locations and picking bins, and destroy retention samples and COA documents. A QA Super also has access to the Products module, where they can create and modify products and SKUs. The QA Super should be the only role with permission to release or unrelease Bulk Lots.
Permissions
| Permission Name | Description |
| complaint_update | Grants permission to update complaints. This includes adding entries in the Pertains To section. |
| complaint_create | Grants permission to create complaints. |
| complaint_read | Grants permission to view the Complaints module, download Complaint PDF reports, and access Complaints Reports in the Reports module. |
| lab_report_create | Grants permission to create lab reports. |
| lab_report_update | Grants permission to update lab reports. This includes updating lab report information, setting a public COA document, and setting a lab report as active. |
| product_read | Grants permission to view product information, print product labels, and generate product reports. |
| product_create | Grants permission to create product types, products, and SKUs. |
| product_archive | Grants permission to archive products. |
| product_update | Grants permission to update product types, products, and SKUs. |
| weight_event_create | Grants permission to create manual weight events. |
| sales_channel_read | Grants permission to view sales channel information. |
| order_read | Grants permission to view the Orders module and order information. |
| client_read | Grants permission to view client information. |
| production_read | Grants permission to view the Productions index and Production Profiles. |
| production_update | Grants permission to update a production's name. |
| production_create | Grants permission to create productions. |
| production_archive | Grants permission to archive and restore productions. |
| qa_release | Grants permission to release or unrelease Bulk Lots. |
| packaging_run_update | Grants permission to close and reopen Packaging Runs. |
| archive_all_orders | Grants permission to archive all Shipped or Delivered orders. |
| physician_read | Grants permission to view physician information. |
| document_destroy | Grants permission to destroy documents. |
| retention_sample_create | Grants permission to create retention samples. |
| retention_sample_read | Grants permission to view retention samples and print retention sample labels. |
| retention_sample_update | Grants permission to update retention samples. |
| retention_sample_destroy | Grants permission to destroy retention samples. |
| location_create | Grants permission to create locations. This includes both grow rooms and vault locations/picking bins. |
| location_read | Grants permission to view location information and print location labels. |
| location_update | Grants permission to update locations. |
| location_archive | Grants permission to archive locations. |
| destruction_lot_read | Grants permission to view the Destruction module and Destruction Lot information. |
| received_inventory_read | Grants permission to view the Received Inventory tab in the Products module. |
| received_inventory_release | Grants permission to release Received Inventories. |
| received_inventory_update | Grants permission to update Received Inventories. This includes returning the inventory. |
| received_inventory_revert | Grants permission to revert Received Inventory. |
| received_inventory_create | Grants permission to create Received Inventories. |
| report_received_inventory_read | Grants permission to generate the Received Inventory report. |
| bulk_lot_transfer | Grants permission to transfer weight between Bulk Lots. |
| bulk_lot_split | Grants permission to split Bulk Lots. |
| bulk_lot_archive | Grants permission to archive Bulk Lots. |
Grow
The Grow security role is designed for Grow Technicians, and grants the user basic access to the Grow module and the corresponding Grow Room module on the Gun App. This enables the user to perform basic grow room functions such as creating batches and moving or advancing plants.
Permissions
| Permission Name | Description |
| seed_lot_read | Grants permission to view Seed Lot information and print Seed Lot labels. |
| seed_lot_update | Grants permission to update Seed Lots. This includes moving lots, adding seeds to lots, and moving seeds between lots. |
| strain_read | Grants permission to view cannabis strain information. |
| batch_create | Grants permission to create batches. This includes creating a new batch via splitting. |
| batch_read | Grants permission to view batch information. |
| batch_update | Grants permission to update batches. This includes splitting or combining batches, opening a batch for harvest, marking a batch for wholesale, and destroying or restoring batch waste. |
| plant_create | Grants permission to create plants. |
| plant_read | Grants permission to view plant information and print plant labels. |
| plant_update | Grants permission to update individual plants. This includes moving a plant, advancing a plant, marking a plant for wholesale, and updating a plant's mother status. |
| plant_archive | Grants permission to destroy plants. |
| destruction_lot_read | Grants permission to view the Destruction module and Destruction Lot information. |
| harvest_read | Grants permission to view harvest information. |
Grow Super
The Grow Super security role is designed for Grow Room managers and supervisors, and grants the user complete access to all functions within the Grow module and the corresponding Grow Room module on the Gun App. In addition to the permissions granted by the standard Grow security role, a Grow Super user has the authority to create new Seed Lots, create new strains, perform harvests, and destroy plant material. The Grow Super also has increased access to the Destruction module, and can create, close, and destroy Destruction Lots.
Permissions
| Permission Name | Description |
| seed_lot_create | Grants permission to create Seed Lots. |
| seed_lot_read | Grants permission to view Seed Lot information and print Seed Lot labels. |
| seed_lot_update | Grants permission to update Seed Lots. This includes moving lots, adding seeds to lots, and moving seeds between lots. |
| strain_create | Grants permission to add cannabis strains. |
| strain_read | Grants permission to view cannabis strain information. |
| strain_update | Grants permission to update cannabis strains. |
| strain_archive | Grants permission to archive cannabis strains. |
| batch_create | Grants permission to create batches. This includes creating a new batch via splitting. |
| batch_read | Grants permission to view batch information. |
| batch_update | Grants permission to update batches. This includes splitting or combining batches, opening a batch for harvest, marking a batch for wholesale, and destroying or restoring batch waste. |
| batch_archive | Grants permission to archive batches. |
| plant_create | Grants permission to create plants. |
| plant_read | Grants permission to view plant information and print plant labels. |
| plant_update | Grants permission to update individual plants. This includes moving a plant, advancing a plant, marking a plant for wholesale, and updating a plant's mother status. |
| plant_archive | Grants permission to destroy plants. |
| plant_restore | Grants permission to restore destroyed plants or plant waste. |
| destruction_lot_create | Grants permission to create Destruction Lots and sublots. |
| destruction_lot_read | Grants permission to view the Destruction module and Destruction Lot information. |
| destruction_lot_update | Grants permission to update Destruction Lots and sublots. This includes closing, reopening, and destroying lots. |
| destruction_lot_archive | Grants permission to archive Destruction Lots and sublots. |
| harvest_create | Grants permission to create harvests. |
| harvest_read | Grants permission to view harvest information. |
| harvest_update | Grants permission to update harvests. This includes harvesting plants, outputting harvest weight to a Bulk Lot, destroying harvest waste, and closing or reopening harvests. |
| harvest_archive | Grants permission to archive harvests. |
View Only
The View Only security role allows the user to view all modules and pages on the Seed-to-Sale platform, but restricts the user from altering data.
Permissions
| Permission Name | Description |
| client_read | Grants permission to view client information. |
| order_read | Grants permission to view the Orders module and order information. |
| sales_channel_read | Grants permission to view sales channel information. |
| location_read | Grants permission to view location information and print location labels. |
| physician_read | Grants permission to view physician information. |
| product_read | Grants permission to view product information, print product labels, and generate product reports. |
| production_read | Grants permission to view the Productions index and Production Profiles. |
| lab_report_read | Grants permission to view lab report information. |
| complaint_read | Grants permission to view the Complaints module, download Complaint PDF reports, and access Complaints Reports in the Reports module. |
| packaging_run_read | Grants permission to generate a Packaging Run's bottling record. |
| shipment_batch_read | Grants permission to view shipment batch information and generate scan forms. |
Report Only
The Report Only security role allows the user to generate any report in the Reports module. A Report Only user can also view information in the Grow, Medical Settings, and Destruction modules, but the role restricts the user from altering data.
Permissions
| Permission Name | Description |
| sales_channel_read | Grants permission to view sales channel information. |
| report_client_read | Grants permission to run client reports. |
| report_physician_read | Grants permission to run phyisican reports. |
| report_product_read | Grants permission to run product reports. |
| report_order_read | Grants permission to run order reports. |
| report_inventory_read | Grants permission to run inventory reports. |
| report_hc_read | Grants permission to run Health Canada reports, including the CTLS and CRA reports. |
| report_complaint_read | Grants permission to run complaints reports. |
| report_sales_read | Grants permission to run sales reports. |
| report_accounting_read | Grants permission to run accounting reports. |
| physician_read | Grants permission to view physician information. |
| destruction_lot_read | Grants permission to view the Destruction module and Destruction Lot information. |
| strain_read | Grants permission to view cannabis strain information. |
| batch_read | Grants permission to view batch information. |
| report_grow_read | Grants permission to run reports on grow room materials. |
Visit the User Management tab in the Settings module to Create a New Security Role.