Security Roles & Permissions
The Seed-to-Sale software provides a menu of default security roles that determine the modules and functions users can
access depending on their position or rank. Administrators can customize these roles, or create new roles altogether, to
better suit the needs of their facility. However, Ample Organics recommends the licence holder adhere as closely as
possible to the default security roles.
mceclip0.png
Select a security role from the list below to read a brief description and a list of permissions associated with the
role.
- Admin
- CSR
- CSR Super
- Vault
- Vault Super
- QA
- QA Super
- Grow
- Grow Super
- View Only
- Report Only
Admin
The Admin security role grants the user access to all functions across the Seed-to-Sale platform and Gun App. An Admin
user is the only role with access to the User Management tab in the Settings module, where they can create new users,
assign security roles, and customize available security roles and their associated permissions. Ample Organics suggests
that licence holders limit Admin access to select high-ranking managers.
Permissions
The Admin security role includes all permissions.
| | | | --- | --- | | Permission Name | Description | | address_archive | Grants permission to delete a vendor address
in the Wholesale application. | | address_update | Grants permission to create or update a vendor address in the
Wholesale application. | | address_read | Grants permission to delete a vendor address in the Wholesale application. | |
ample_care_read | Grants permission to view and open the AmpleCare tab in the Clients module. | | ample_care_update |
Grants permission to update existing clients through AmpleCare. | | ample_care_create | Grants permission to accept or
reject a new client or prescription though AmpleCare. | | batch_update | Grants permission to update batches. This
includes splitting or combining batches, opening a batch for harvest, marking a batch for wholesale, and destroying or
restoring batch waste. | | batch_create | Grants permission to create batches. This includes creating a new batch via
splitting. | | batch_read | Grants permission to view batch information. | | batch_archive | Grants permission to
archive batches. | | reclaim_bottles_create | Grants permission to reclaim bottles. | | bulk_lot_transfer | Grants
permission to transfer weight between Bulk Lots. | | bulk_lot_archive | Grants permission to archive Bulk Lots. | |
bulk_lot_update_name | Grants permission to update a Bulk Lot's name | | bulk_lot_split | Grants permission to split
Bulk Lots. | | call_log_destroy | Grants permission to delete call logs. | | call_log_update | Grants permission to
update call logs. | | call_log_create | Grants permission to create call logs. | | call_log_read | Grants permission to
view the Call Logs tab in the Clients module. | | casing_run_read | Grants permission to view the Casing Runs tab in the
Products module, and generate casing records. | | casing_run_restock | Grants permission to restock cases. | |
casing_run_create | Grants permission to create Casing Runs. | | client_delete | Grants permission to delete clients. |
| client_update_client_id | Grants permission to update a client's ID string, which serves as the client's username on
the Client Portal. | | client_create | Grants permission to create new clients, configure medical profiles, create new
prescriptions, and create new registrations via amendment. | | client_read | Grants permission to view client
information. | | client_update | Grants permission to update clients. This includes adding or removing clients from
sales channels and sending emails through the Email Logs tab. | | client_archive | Grants permission to archive clients
and their associated registrations. | | complaint_create | Grants permission to create complaints. | | complaint_archive
| Grants permission to archive complaints. | | complaint_update | Grants permission to update complaints. This includes
adding entries in the Pertains To section. | | complaint_read | Grants permission to view the Complaints module,
download Complaint PDF reports, and access Complaints Reports in the Reports module. | | credit_card_create | Grants
permission to log credit card information. | | credit_card_destroy | Grants permission to delete credit card
information. | | destruction_lot_read | Grants permission to view the Destruction module and Destruction Lot
information. | | destruction_lot_archive | Grants permission to archive Destruction Lots and sublots. | |
destruction_lot_create | Grants permission to create Destruction Lots and sublots. | | destruction_lot_update | Grants
permission to update Destruction Lots and sublots. This includes closing, reopening, and destroying lots. | |
device_create | Grants permission to add scales, printers, and other devices. | | device_update | Grants permission to
update scale, printer, and other device information. | | discount_code_update | Grants permission to update discounts. |
| discount_code_create | Grants permission to create discounts. | | discount_code_read | Grants permission to view
discount information. | | discount_code_archive | Grants permission to archive discounts. | | apply_discount | Grants
permission to apply manual discounts to orders. | | apply_discount_code | Grants permission to apply a discount code to
an order. | | discount_type_create | Grants permission to create discount types. | | discount_type_read | Grants
permission to view discount types. | | document_destroy | Grants permission to destroy documents. | |
facility_information_read | Grants permission to view facility information in the Reports module's Settings tab. | |
facility_information_update | Grants permission to update facility information on the Reports module's Settings tab. | |
harvest_create | Grants permission to create harvests. | | harvest_archive | Grants permission to archive harvests. | |
harvest_update | Grants permission to update harvests. This includes harvesting plants, outputting harvest weight to a
Bulk Lot, destroying harvest waste, and closing or reopening harvests. | | harvest_read | Grants permission to view
harvest information. | | lab_report_archive | Grants permission to archive lab reports. | | lab_report_update | Grants
permission to update lab reports. This includes updating lab report information, setting a public COA document, and
setting a lab report as active. | | lab_report_create | Grants permission to create lab reports. | | lab_report_read |
Grants permission to view lab report information. | | location_archive | Grants permission to archive locations. | |
location_create | Grants permission to create locations. This includes both grow rooms and vault locations/picking bins.
| | location_read | Grants permission to view location information and print location labels. | | location_update |
Grants permission to update locations. | | loyalty_point_destroy | Grants permission to destroy loyalty points. | |
loyalty_point_create | Grants permission to create loyalty points. | | loyalty_point_update | Grants permission to
update loyalty points. | | archive_all_orders | Grants permission to archive all Shipped or Delivered orders. | |
order_create | Grants permission to create orders. | | order_read | Grants permission to view the Orders module and
order information. | | order_update | Grants permission to update orders. This includes adding order items, selecting
shipping options, applying policy coverage, applying line item discounts, and generating receipts. | | order_archive |
Grants permission to archive a Purchase Order. | | order_discounts | Grants permission to apply discounts to orders. | |
order_refund | Grants permission to refund orders, including shipping costs. | | order_return_bottles_when_shipped |
Grants permission to return bottles. | | order_set_delivered | Grants permission to set an order's status to Delivered.
| | order_placed_reset | Grants permission to reset an order to the Placed status. | | packaging_run_archive | Grants
permission to delete Packaging Runs. | | packaging_run_update | Grants permission to close and reopen Packaging Runs. |
| packaging_run_set_release | Grants permission to release Packaging Runs. | | packaging_run_move | Grants permission to
move Packaging Runs between SKUs. | | packaging_run_create | Grants permission to create Packaging Runs and Mass
Packaging Runs. | | packaging_run_read | Grants permission to generate a Packaging Run's bottling record. | |
permission_destroy | Grants permission to delete permissions. | | permission_read | Grants permission to view the menu
of permissions. | | permission_update | Grants permission to update permissions. | | permission_create | Grants
permission to create permissions. | | physician_update | Grants permission to update or disable physicians. | |
physician_archive | Grants permission to archive and restore physicians. | | physician_create | Grants permission to
create physicians. | | physician_read | Grants permission to view physician information. | | plant_read | Grants
permission to view plant information and print plant labels. | | plant_create | Grants permission to create plants. | |
plant_restore | Grants permission to restore destroyed plants or plant waste. | | plant_archive | Grants permission to
destroy plants. | | plant_update | Grants permission to update individual plants. This includes moving a plant,
advancing a plant, marking a plant for wholesale, and updating a plant's mother status. | | policy_update | Grants
permission to update client policies. | | policy_unarchive | Grants permission to unarchive client policies. | |
policy_archive | Grants permission to archive and unarchive client policies. | | policy_create | Grants permission to
create client policies. | | policy_type_update | Grants permission to update policy types. | | policy_type_create |
Grants permission to create policy types. | | policy_type_archive | Grants permission to archive and unarchive policy
types. | | prescription_update | Grants permission to update, archive, and disable prescriptions. | |
prescription_destroy | Grants permission to delete prescriptions. | | product_read | Grants permission to view product
information, print product labels, and generate product reports. | | product_create | Grants permission to create
product types, products, and SKUs. | | product_archive | Grants permission to archive products. | | product_update |
Grants permission to update product types, products, and SKUs. | | production_update | Grants permission to update a
production's name. | | production_archive | Grants permission to archive and restore productions. | | production_create
| Grants permission to create productions. | | production_read | Grants permission to view the Productions index and
Production Profiles. | | purchase_order_create | Grants permission to view, create, and update Payment Terms. | |
qa_release | Grants permission to release or unrelease Bulk Lots. | | received_inventory_create | Grants permission to
create Received Inventories. | | received_inventory_update | Grants permission to update Received Inventories. This
includes returning the inventory | | received_inventory_finish | Grants permission to mark a Received Inventory as
Finished. | | received_inventory_release | Grants permission to release Received Inventories. | |
report_received_inventory_read | Grants permission to generate the Received Inventory report. | |
received_inventory_revert | Grants permission to revert Received Inventory. | | received_inventory_read | Grants
permission to view the Received Inventory tab in the Products module. | | refusal_create | Grants permission to refuse
clients and orders. | | refusal_update | Grants permission to update order or client refusals. | | report_product_read |
Grants permission to run product reports. | | report_order_read | Grants permission to run order reports. | |
report_inventory_read | Grants permission to run inventory reports. | | report_hc_read | Grants permission to run Health
Canada reports, including the CTLS and CRA reports. | | report_complaint_read | Grants permission to run complaints
reports. | | report_grow_read | Grants permission to run reports on grow room materials. | | report_client_read | Grants
permission to run client reports. | | report_physician_read | Grants permission to run physician reports. | |
retention_sample_create | Grants permission to create retention samples. | | retention_sample_destroy | Grants
permission to destroy retention samples. | | retention_sample_read | Grants permission to view retention samples and
print retention sample labels. | | retention_sample_update | Grants permission to update retention samples. | |
returned_grams_update | Grants permission to update or delete a returned grams record. | | returned_grams_create |
Grants permission to return grams to a patient's prescription. | | returned_grams_delete | Grants permission to delete a
returned grams record. | | sales_channel_update | Grants permission to update sales channels. This includes adding
products or clients to a sales channel from the Settings module. | | sales_channel_archive | Grants permission to
archive sales channels. | | sales_channel_read | Grants permission to view sales channel information. | |
sales_channel_create | Grants permission to create sales channels. | | sales_order_read | Grants permission to view
Sales Order information. | | sales_order_create | Grants permission to create Sales Orders. | | sales_order_update |
Grants permission to update Sales Orders. | | security_role_create | Grants permission to create security roles. | |
security_role_destroy | Grants permission to delete security roles. | | security_role_update | Grants permission to
update or archive security roles. | | security_role_read | Grants permission to view security role information. | |
seed_lot_update | Grants permission to update Seed Lots. This includes moving lots, adding seeds to lots, and moving
seeds between lots. | | seed_lot_create | Grants permission to create Seed Lots. | | seed_lot_read | Grants permission
to view Seed Lot information and print Seed Lot labels. | | seed_lot_archive | Grants permission to destroy seeds. | |
setting_update | Grants permission to update lab report threshold defaults. | | shipment_batch_read | Grants permission
to view shipment batch information and generate scan forms. | | shipment_batch_update | Grants permission to update
shipment batches. This includes adding and removing orders. | | shipment_batch_archive | Grants permission to archive
shipment batches. | | shipment_batch_create | Grants permission to create shipment batches. | | shipment_read | Grants
permission to view shipment information. | | shipment_update | Grants permission to update shipments in the Wholesale
application. | | shipment_create | Grants permission to create shipments in the Wholesale application. | | strain_update
| Grants permission to update cannabis strains. | | strain_create | Grants permission to add cannabis strains. | |
strain_read | Grants permission to view cannabis strain information. | | strain_archive | Grants permission to archive
cannabis strains. | | tote_update | Grants permission to update totes. | | tote_create | Grants permission to create
totes. | | tote_read | Grants permission to view tote information. | | tote_destroy | Grants permission to delete totes.
| | report_user_admin_read | Grants permission to generate the User Admin report. | | user_destroy | Grants permission
to disable and enable users. | | user_create | Grants permission to create user accounts. | | user_update | Grants
permission to update users. This includes resetting a user's password and adjusting a user's security roles. | |
user_read | Grants permission to view user information. | | vendor_archive | Grants permission to archive vendors in the
Wholesale application. | | vendor_read | Grants permission to view vendor information and vendor contact information. |
| vendor_update | Grants permission to update vendors and vendor contacts. | | website_update | Grants permission to
update or archive vendor websites. | | website_read | Grants permission to view vendor website information. | |
website_create | Grants permission to add vendor websites. | | weight_event_create | Grants permission to create manual
weight events. | | work_order_close | Grants permission to close Work Orders. | | work_order_create | Grants permission
to create Work Orders. This includes adding additional inputs to existing Work Orders. | | work_order_update | Grants
permission to update Work Orders. | | work_order_finalize | Grants permission to finalize Work Orders. | |
tax_type_create | Grants permission to create a tax type in the Wholesale application. | | tax_type_read | Grants
permission to view tax type information. | | tax_type_update | Grants permission to update or archive tax types. |
CSR
The CSR security role is designed for the licence holder's team of Customer Service Representatives-or CSRs-and allows
the user access to essential customer service functions in the Clients and Orders modules.This enables a user to create
and manage Client Profiles, record customer complaints, and create and process orders. The CSR security role also grants
the user complete access to the Discounts module, to create and modify discounts. Additionally, the user has access to
the Physicians tab in the Medical Settings module, which allows them to add to and edit the index of prescribing
physicians.
Permissions
| | | | --- | --- | | Permission Name | Description | | complaint_update | Grants permission to update complaints. This
includes adding entries in the Pertains To section. | | complaint_create | Grants permission to create complaints. | |
complaint_read | Grants permission to view the Complaints module, download Complaint PDF reports, and access Complaints
Reports in the Reports module. | | sales_channel_read | Grants permission to view sales channel information. | |
order_read | Grants permission to view the Orders module and order information. | | order_create | Grants permission to
create orders. | | order_update | Grants permission to update orders. This includes adding order items, selecting
shipping options, applying policy coverage, applying line item discounts, and generating receipts. | | client_read |
Grants permission to view client information. | | client_create | Grants permission to create new clients, configure
medical profiles, create new prescriptions, and create new registrations via amendment. | | client_update | Grants
permission to update clients. This includes adding or removing clients from sales channels and sending emails through
the Email Logs tab. | | client_archive | Grants permission to archive clients and their associated registrations. | |
product_read | Grants permission to view product information, print product labels, and generate product reports. | |
order_discounts | Grants permission to apply discounts to orders. | | prescription_destroy | Grants permission to delete
prescriptions. | | physician_create | Grants permission to create physicians. | | physician_read | Grants permission to
view physician information. | | physician_update | Grants permission to update or disable physicians. | |
physician_archive | Grants permission to archive and restore physicians. | | production_read | Grants permission to view
the Productions index and Production Profiles. | | discount_code_create | Grants permission to create discounts. | |
discount_code_read | Grants permission to view information in the Discounts module. | | discount_code_update | Grants
permission to update discounts. | | discount_code_archive | Grants permission to archive discounts. | | apply_discount |
Grants permission to apply manual discounts to orders. | | apply_discount_code | Grants permission to apply a discount
code to an order. |
CSR Super
The CSR Super security role is designed for the licence holder's Customer Service Manager(s), and grants the user access
to extended customer service functions. In addition to the permissions granted by the standard CSR security role, a CSR
Super user has the authority to delete unapproved clients, update prescription information, and refund orders. The CSR
Super security role also affords the user access to the Products module, where they can independently create new
products and SKUs, and enables the user to create and modify sales channels in the Settings module. CSR Super is the
only role, aside from Admin, with access to AmpleCare.
Permissions
| | | | --- | --- | | Permission Name | Description | | complaint_update | Grants permission to update complaints. This
includes adding entries in the Pertains To section. | | complaint_create | Grants permission to create complaints. | |
complaint_read | Grants permission to view the Complaints module, download Complaint PDF reports, and access Complaints
Reports in the Reports module. | | order_read | Grants permission to view the Orders module and order information. | |
order_create | Grants permission to create orders. | | order_update | Grants permission to update orders. This includes
adding order items, selecting shipping options, applying policy coverage, applying line item discounts, and generating
receipts. | | client_read | Grants permission to view client information. | | client_create | Grants permission to
create new clients, configure medical profiles, create new prescriptions, and create new registrations via amendment. |
| client_update | Grants permission to update clients. This includes adding or removing clients from sales channels and
sending emails through the Email Logs tab. | | client_archive | Grants permission to archive clients and their
associated registrations. | | client_delete | Grants permission to delete clients. | | product_read | Grants permission
to view product information, print product labels, and generate product reports. | | product_create | Grants permission
to create product types, products, and SKUs. | | product_archive | Grants permission to archive products. | |
product_update | Grants permission to update product types, products, and SKUs. | | order_discounts | Grants permission
to apply discounts to orders. | | sales_channel_read | Grants permission to view sales channel information. | |
sales_channel_update | Grants permission to update sales channels. This includes adding products or clients to a sales
channel from the Settings module. | | sales_channel_archive | Grants permission to archive sales channels. | |
sales_channel_create | Grants permission to create sales channels. | | prescription_destroy | Grants permission to
delete prescriptions. | | prescription_update | Grants permission to update, archive, and disable prescriptions. | |
order_refund | Grants permission to refund orders, including shipping costs. | | physician_create | Grants permission to
create physicians. | | physician_read | Grants permission to view physician information. | | physician_update | Grants
permission to update or disable physicians. | | physician_archive | Grants permission to archive and restore physicians.
| | document_destroy | Grants permission to destroy documents. | | production_read | Grants permission to view the
Productions index and Production Profiles. | | discount_code_create | Grants permission to create discounts. | |
discount_code_read | Grants permission to view information in the Discounts module. | | discount_code_update | Grants
permission to update discounts. | | discount_code_archive | Grants permission to archive discounts. | | apply_discount |
Grants permission to apply manual discounts to orders. | | apply_discount_code | Grants permission to apply a discount
code to an order. | | ample_care_read | Grants permission to view and open the AmpleCare tab in the Clients module. | |
ample_care_update | Grants permission to update existing clients through AmpleCare. | | ample_care_create | Grants
permission to accept or reject a new client or prescription though AmpleCare. |
Vault
The Vault security role is designed for the licence holder's team of Packaging Associates and Fulfillment Associates,
and grants the user access to essential packaging and shipping functions in the Productions and Shipping modules on the
Seed-to-Sale platform, as well as to Packaging Runs and Order Fulfillment on the Gun App. This enables the user to
organize bulk cannabis into totes, create Packaging Runs and Mass Packaging Runs, fulfill orders, and create and modify
shipment batches. A Vault user can also move Packaging Runs between SKUs. Additionally, users with the Vault security
role can view information in the Clients, Products, Orders, and Medical Settings modules, but the role restricts the
user from altering data.
Permissions
| | | | --- | --- | | Permission Name | Description | | production_read | Grants permission to view the Productions
index and Production Profiles. | | product_read | Grants permission to view product information, print product labels,
and generate product reports. | | order_read | Grants permission to view the Orders module and order information. | |
client_read | Grants permission to view client information. | | packaging_run_create | Grants permission to create
Packaging Runs and Mass Packaging Runs. | | archive_all_orders | Grants permission to archive all Shipped or Delivered
orders. | | physician_read | Grants permission to view physician information. | | tote_create | Grants permission to
create totes. | | tote_update | Grants permission to update totes. | | tote_read | Grants permission to view tote
information. | | sales_channel_read | Grants permission to view sales channel information. | | shipment_batch_create |
Grants permission to create shipment batches. | | shipment_batch_read | Grants permission to view shipment batch
information and generate scan forms. | | shipment_batch_update | Grants permission to update shipment batches. This
includes adding and removing orders. | | shipment_batch_archive | Grants permission to archive shipment batches. | |
packaging_run_move | Grants permission to move Packaging Runs between SKUs. |
Vault Super
The Vault Super security role is designed for Packaging and Fulfillment managers and supervisors, and grants the user
complete access to packaging and shipping functions in the Productions and Shipping modules on the Seed-to-Sale
platform, as well as the Packaging Runs and Order Fulfillment modules on the Gun App. In addition to the permissions
granted by the standard Vault security role, a Vault Super user can update lab reports, destroy documents, and create
and modify retention samples, vault locations, and picking bins in the Productions module. The Vault Super security role
also affords the user access to the Products module, where they can independently create new products and SKUs. Vault
Super is the only role, aside from Admin, with permission to archive or delete Packaging Runs.
Permissions
| | | | --- | --- | | Permission Name | Description | | packaging_run_create | Grants permission to create Packaging
Runs and Mass Packaging Runs. | | product_read | Grants permission to view product information, print product labels,
and generate product reports. | | product_create | Grants permission to create product types, products, and SKUs. | |
product_archive | Grants permission to archive products. | | product_update | Grants permission to update product types,
products, and SKUs. | | production_read | Grants permission to view the Productions index and Production Profiles. | |
production_create | Grants permission to create productions. | | production_update | Grants permission to update a
production's name. | | production_archive | Grants permission to archive and restore productions. | |
weight_event_create | Grants permission to create manual weight events. | | client_read | Grants permission to view
client information. | | order_read | Grants permission to view the Orders module and order information. | |
sales_channel_read | Grants permission to view sales channel information. | | packaging_run_update | Grants permission
to close and reopen Packaging Runs. | | packaging_run_read | Grants permission to generate a Packaging Run's bottling
record. | | packaging_run_archive | Grants permission to delete Packaging Runs. | | lab_report_update | Grants
permission to update lab reports. This includes updating lab report information, setting a public COA document, and
setting a lab report as active. | | archive_all_orders | Grants permission to archive all Shipped or Delivered orders. |
| physician_read | Grants permission to view physician information. | | document_destroy | Grants permission to destroy
documents. | | packaging_run_move | Grants permission to move Packaging Runs between SKUs. | | shipment_batch_create |
Grants permission to create shipment batches. | | shipment_batch_read | Grants permission to view shipment batch
information and generate scan forms. | | shipment_batch_update | Grants permission to update shipment batches. This
includes adding and removing orders. | | shipment_batch_archive | Grants permission to archive shipment batches. | |
tote_create | Grants permission to create totes. | | tote_update | Grants permission to update totes. | | tote_destroy |
Grants permission to delete totes. | | tote_read | Grants permission to view tote information. | |
retention_sample_create | Grants permission to create retention samples. | | retention_sample_read | Grants permission
to view retention samples and print retention sample labels. | | retention_sample_update | Grants permission to update
retention samples. | | retention_sample_destroy | Grants permission to destroy retention samples. | | location_create |
Grants permission to create locations. This includes both grow rooms and vault locations/picking bins. | | location_read
| Grants permission to view location information and print location labels. | | location_update | Grants permission to
update locations. | | location_archive | Grants permission to archive locations. | | destruction_lot_read | Grants
permission to view the Destruction module and Destruction Lot information. | | received_inventory_read | Grants
permission to view the Received Inventory tab in the Products module. | | received_inventory_release | Grants permission
to release Received Inventories. | | received_inventory_update | Grants permission to update Received Inventories. This
includes returning the inventory. | | received_inventory_revert | Grants permission to revert Received Inventory. | |
received_inventory_create | Grants permission to create Received Inventories. | | report_received_inventory_read |
Grants permission to generate the Received Inventory report. |
QA
The QA security role is designed for the licence holder's Quality Assurance team, and grants the user access to basic QA
functions in the Productions module. This enables the user to create and update lab reports, create and update retention
samples, and manually create weight events. A QA user also has limited access to the Complaints module, where they can
view, create, and update complaints from clients. Additionally, the QA security role allows the user to view information
in the Clients, Orders, Products, Medical Settings, and Destruction modules, but restricts the user from altering data.
Permissions
| | | | --- | --- | | Permission Name | Description | | complaint_update | Grants permission to update complaints. This
includes adding entries in the Pertains To section. | | complaint_create | Grants permission to create complaints. | |
complaint_read | Grants permission to view the Complaints module, download Complaint PDF reports, and access Complaints
Reports in the Reports module. | | lab_report_create | Grants permission to create lab reports. | | lab_report_update |
Grants permission to update lab reports. This includes updating lab report information, setting a public COA document,
and setting a lab report as active. | | retention_sample_create | Grants permission to create retention samples. | |
retention_sample_read | Grants permission to view retention samples and print retention sample labels. | |
retention_sample_update | Grants permission to update retention samples. | | sales_channel_read | Grants permission to
view sales channel information. | | order_read | Grants permission to view the Orders module and order information. | |
client_read | Grants permission to view client information. | | production_read | Grants permission to view the
Productions index and Production Profiles. | | product_read | Grants permission to view product information, print
product labels, and generate product reports. | | physician_read | Grants permission to view physician information. | |
weight_event_create | Grants permission to create manual weight events. | | destruction_lot_read | Grants permission to
view the Destruction module and Destruction Lot information. |
QA Super
The QA Super security role is designed for Quality Assurance managers and supervisors, and grants the user complete
access to all QA functions in the Productions module. In addition to the permissions granted by the standard QA security
role, a QA Super user has the authority to create and modify Productions and Bulk Lots, create and modify vault
locations and picking bins, and destroy retention samples and COA documents. A QA Super also has access to the Products
module, where they can create and modify products and SKUs. The QA Super should be the only role with permission to
release or unrelease Bulk Lots.
Permissions
| | | | --- | --- | | Permission Name | Description | | complaint_update | Grants permission to update complaints. This
includes adding entries in the Pertains To section. | | complaint_create | Grants permission to create complaints. | |
complaint_read | Grants permission to view the Complaints module, download Complaint PDF reports, and access Complaints
Reports in the Reports module. | | lab_report_create | Grants permission to create lab reports. | | lab_report_update |
Grants permission to update lab reports. This includes updating lab report information, setting a public COA document,
and setting a lab report as active. | | product_read | Grants permission to view product information, print product
labels, and generate product reports. | | product_create | Grants permission to create product types, products, and
SKUs. | | product_archive | Grants permission to archive products. | | product_update | Grants permission to update
product types, products, and SKUs. | | weight_event_create | Grants permission to create manual weight events. | |
sales_channel_read | Grants permission to view sales channel information. | | order_read | Grants permission to view the
Orders module and order information. | | client_read | Grants permission to view client information. | | production_read
| Grants permission to view the Productions index and Production Profiles. | | production_update | Grants permission to
update a production's name. | | production_create | Grants permission to create productions. | | production_archive |
Grants permission to archive and restore productions. | | qa_release | Grants permission to release or unrelease Bulk
Lots. | | packaging_run_update | Grants permission to close and reopen Packaging Runs. | | archive_all_orders | Grants
permission to archive all Shipped or Delivered orders. | | physician_read | Grants permission to view physician
information. | | document_destroy | Grants permission to destroy documents. | | retention_sample_create | Grants
permission to create retention samples. | | retention_sample_read | Grants permission to view retention samples and
print retention sample labels. | | retention_sample_update | Grants permission to update retention samples. | |
retention_sample_destroy | Grants permission to destroy retention samples. | | location_create | Grants permission to
create locations. This includes both grow rooms and vault locations/picking bins. | | location_read | Grants permission
to view location information and print location labels. | | location_update | Grants permission to update locations. | |
location_archive | Grants permission to archive locations. | | destruction_lot_read | Grants permission to view the
Destruction module and Destruction Lot information. | | received_inventory_read | Grants permission to view the Received
Inventory tab in the Products module. | | received_inventory_release | Grants permission to release Received
Inventories. | | received_inventory_update | Grants permission to update Received Inventories. This includes returning
the inventory. | | received_inventory_revert | Grants permission to revert Received Inventory. | |
received_inventory_create | Grants permission to create Received Inventories. | | report_received_inventory_read |
Grants permission to generate the Received Inventory report. | | bulk_lot_transfer | Grants permission to transfer
weight between Bulk Lots. | | bulk_lot_split | Grants permission to split Bulk Lots. | | bulk_lot_archive | Grants
permission to archive Bulk Lots. |
Grow
The Grow security role is designed for Grow Technicians, and grants the user basic access to the Grow module and the
corresponding Grow Room module on the Gun App. This enables the user to perform basic grow room functions such as
creating batches and moving or advancing plants.
Permissions
| | | | --- | --- | | Permission Name | Description | | seed_lot_read | Grants permission to view Seed Lot information
and print Seed Lot labels. | | seed_lot_update | Grants permission to update Seed Lots. This includes moving lots,
adding seeds to lots, and moving seeds between lots. | | strain_read | Grants permission to view cannabis strain
information. | | batch_create | Grants permission to create batches. This includes creating a new batch via splitting. |
| batch_read | Grants permission to view batch information. | | batch_update | Grants permission to update batches. This
includes splitting or combining batches, opening a batch for harvest, marking a batch for wholesale, and destroying or
restoring batch waste. | | plant_create | Grants permission to create plants. | | plant_read | Grants permission to view
plant information and print plant labels. | | plant_update | Grants permission to update individual plants. This
includes moving a plant, advancing a plant, marking a plant for wholesale, and updating a plant's mother status. | |
plant_archive | Grants permission to destroy plants. | | destruction_lot_read | Grants permission to view the
Destruction module and Destruction Lot information. | | harvest_read | Grants permission to view harvest information. |
Grow Super
The Grow Super security role is designed for Grow Room managers and supervisors, and grants the user complete access to
all functions within the Grow module and the corresponding Grow Room module on the Gun App. In addition to the
permissions granted by the standard Grow security role, a Grow Super user has the authority to create new Seed Lots,
create new strains, perform harvests, and destroy plant material. The Grow Super also has increased access to the
Destruction module, and can create, close, and destroy Destruction Lots.
Permissions
| | | | --- | --- | | Permission Name | Description | | seed_lot_create | Grants permission to create Seed Lots. | |
seed_lot_read | Grants permission to view Seed Lot information and print Seed Lot labels. | | seed_lot_update | Grants
permission to update Seed Lots. This includes moving lots, adding seeds to lots, and moving seeds between lots. | |
strain_create | Grants permission to add cannabis strains. | | strain_read | Grants permission to view cannabis strain
information. | | strain_update | Grants permission to update cannabis strains. | | strain_archive | Grants permission to
archive cannabis strains. | | batch_create | Grants permission to create batches. This includes creating a new batch via
splitting. | | batch_read | Grants permission to view batch information. | | batch_update | Grants permission to update
batches. This includes splitting or combining batches, opening a batch for harvest, marking a batch for wholesale, and
destroying or restoring batch waste. | | batch_archive | Grants permission to archive batches. | | plant_create | Grants
permission to create plants. | | plant_read | Grants permission to view plant information and print plant labels. | |
plant_update | Grants permission to update individual plants. This includes moving a plant, advancing a plant, marking a
plant for wholesale, and updating a plant's mother status. | | plant_archive | Grants permission to destroy plants. | |
plant_restore | Grants permission to restore destroyed plants or plant waste. | | destruction_lot_create | Grants
permission to create Destruction Lots and sublots. | | destruction_lot_read | Grants permission to view the Destruction
module and Destruction Lot information. | | destruction_lot_update | Grants permission to update Destruction Lots and
sublots. This includes closing, reopening, and destroying lots. | | destruction_lot_archive | Grants permission to
archive Destruction Lots and sublots. | | harvest_create | Grants permission to create harvests. | | harvest_read |
Grants permission to view harvest information. | | harvest_update | Grants permission to update harvests. This includes
harvesting plants, outputting harvest weight to a Bulk Lot, destroying harvest waste, and closing or reopening harvests.
| | harvest_archive | Grants permission to archive harvests. |
View Only
The View Only security role allows the user to view all modules and pages on the Seed-to-Sale platform, but restricts
the user from altering data.
Permissions
| | | | --- | --- | | Permission Name | Description | | client_read | Grants permission to view client information. | |
order_read | Grants permission to view the Orders module and order information. | | sales_channel_read | Grants
permission to view sales channel information. | | location_read | Grants permission to view location information and
print location labels. | | physician_read | Grants permission to view physician information. | | product_read | Grants
permission to view product information, print product labels, and generate product reports. | | production_read | Grants
permission to view the Productions index and Production Profiles. | | lab_report_read | Grants permission to view lab
report information. | | complaint_read | Grants permission to view the Complaints module, download Complaint PDF
reports, and access Complaints Reports in the Reports module. | | packaging_run_read | Grants permission to generate a
Packaging Run's bottling record. | | shipment_batch_read | Grants permission to view shipment batch information and
generate scan forms. |
Report Only
The Report Only security role allows the user to generate any report in the Reports module. A Report Only user can also
view information in the Grow, Medical Settings, and Destruction modules, but the role restricts the user from altering
data.
Permissions
| | | | --- | --- | | Permission Name | Description | | sales_channel_read | Grants permission to view sales channel
information. | | report_client_read | Grants permission to run client reports. | | report_physician_read | Grants
permission to run phyisican reports. | | report_product_read | Grants permission to run product reports. | |
report_order_read | Grants permission to run order reports. | | report_inventory_read | Grants permission to run
inventory reports. | | report_hc_read | Grants permission to run Health Canada reports, including the CTLS and CRA
reports. | | report_complaint_read | Grants permission to run complaints reports. | | report_sales_read | Grants
permission to run sales reports. | | report_accounting_read | Grants permission to run accounting reports. | |
physician_read | Grants permission to view physician information. | | destruction_lot_read | Grants permission to view
the Destruction module and Destruction Lot information. | | strain_read | Grants permission to view cannabis strain
information. | | batch_read | Grants permission to view batch information. | | report_grow_read | Grants permission to
run reports on grow room materials. |
Visit the User Management tab in the Settings module to Create a New Security Role.