At a Glance
Persona: Audit / Config (Auditor + System Administrator) · Module: good-receive-note · Workflow stages: Off-path observers — Sysadmin owns lot-number format, RBAC, tax/currency/reason codes, integration wiring; Auditor reads the full GRN dataset, runs recall and lot-trace queries · Key permissions: Sysadmin configures rules (GRN_AUTH_001–GRN_AUTH_011); Auditor read-only (no transactional writes)
What this persona does: Configures the GRN module's rules and integration surface (Sysadmin); inspects the full audit trail and runs lot-recall traces (Auditor).
The Audit / Config persona folds two non-transactional roles into a single flow because neither participates in the GRN document state machine and the carmen-wiki GRN index does not list Auditor separately. The System Administrator sub-persona maintains the lot-number generation format that the Receiver applies on draft → saved, configures RBAC and approval thresholds that gate every GRN_AUTH_001–GRN_AUTH_011 action (in particular the segregation-of-duties enforcement on the saved → committed transition per GRN_AUTH_010), manages tax codes, currency exchange rates, and reason codes for cancellations and rejections, and oversees the integration wiring between the GRN module and purchase-order, inventory, Finance / AP, and Vendor modules. The Auditor sub-persona (folded in) is strictly read-only across the full GRN dataset — receipt activity, variance comments, three-way-match outcomes, credit-note linkages, period-close sign-offs, and the underlying workflow_history JSON on tb_good_received_note — and runs lot-tracing investigations during product-recall or quality-incident workstreams by walking the tb_inventory_transaction_detail.lot_no linkage back from on-hand stock and forward from committed GRNs. Neither sub-persona ever appears in the transactional flow: the Sysadmin's edits change rules that apply to future GRNs (in-flight GRNs retain a snapshot of the rules in force when they were saved), and the Auditor's queries return data without writing any state. Critically, the segregation-of-duties enforcement (GRN_AUTH_010 Receiver ≠ Purchaser, mirrored by PO_AUTH_010 on the PO side) and the post-commit elevated-void rule (GRN_POST_010 — voiding a committed GRN is forbidden, and post-commit reversal requires Inventory Manager + Finance co-authorisation via credit-note or compensating adjustment) live in the RBAC and posting-rule layer that this persona owns the configuration of.
Neither sub-persona participates in the GRN document state machine. The Auditor is strictly read-only across the full GRN dataset. The System Administrator configures the rules that govern future GRNs but does not execute transactions on GRN documents directly.
| Action | Auditor | System Administrator |
|---|---|---|
| View any GRN (all statuses) | ✅ — full dataset, read-only | ✅ — via config console impact preview |
Read workflow_history JSON |
✅ | ❌ (not a routine config action) |
| Read line edits, comment threads, match outcomes | ✅ | ❌ |
| Read credit-note linkages, period-close sign-offs | ✅ | ❌ |
Run lot-recall trace (lot_no → GRN → downstream movements) |
✅ | ❌ |
| Export activity log (plain — no cost / PII) | ✅ (no secondary approval) | ❌ |
| Export activity log (sensitive — unit costs, vendor terms, PII) | ✅ (secondary approval from Controller / DPO required) | ❌ |
| Configure lot-number format | ❌ | ✅ |
| Configure RBAC roles and approval thresholds | ❌ | ✅ |
Configure GRN_AUTH_010 segregation-of-duties enforcement |
❌ | ✅ |
| Configure tax codes / rates | ❌ | ✅ |
| Configure currency exchange-rate feed | ❌ | ✅ |
| Configure cancellation / rejection reason codes | ❌ | ✅ |
| Configure integration endpoints (PO / Inventory / Finance / Vendor) | ❌ | ✅ |
Mutate GRN doc_status |
❌ | ❌ |
Void / reverse committed GRN |
❌ | ❌ (ensure co-auth gate only — GRN_POST_010) |
ℹ️ In-flight GRN snapshot rule: Sysadmin configuration changes (tax codes, reason codes, RBAC) apply only to new GRNs created after the effective-from timestamp. In-flight
draft/savedGRNs retain the configuration snapshot in force at create time. Attempting to retire a configuration value referenced by in-flight GRNs is blocked by the impact preview.
ℹ️ TBC — lot number generation:
Test_case/System_Process/tx-01-grn.mdStep 2 notes that the lot number may be system-generated or supplier-provided (TBC). The Sysadmin's lot-format configuration panel covers the system-generated path; the supplier-provided override path is not yet specified. Source:Test_case/System_Process/tx-01-grn.md(capture date 2026-04-27).
Entry points: Sub-persona-specific, no overlap with the transactional GRN list view.
workflow_history rows from tb_good_received_note joined with line-level edits, comments, three-way-match outcomes, credit-note linkages, and lot data from tb_inventory_transaction_detail. Filter facets: date range, vendor, lot number, PO number, GRN number, user, action type.tb_good_received_note.workflow_history, line-edit history, comment threads (Receiver variance notes, Purchaser resolution logs, Finance match outcomes), credit-note bookings, and period-close sign-offs into a single chronological feed.created_by_id), who saved, who committed (with the GRN_AUTH_010 segregation check evidence), who edited the extra-cost allocation pre-AP-posting, the three-way-match outcome, any credit notes booked against the GRN, and the period-close sign-off that closed the receipt.lot_no and run the trace — the system walks tb_inventory_transaction_detail.lot_no across all tb_inventory_transaction rows, identifies every committed GRN that introduced the lot (via tb_good_received_note_detail_item.inventory_transaction_id), and identifies every downstream movement (issue, transfer, adjustment, sale, consumption) that drew from the lot. The trace produces the chain-of-custody for the recall scope. Forward-trace and backward-trace are both supported (forward from receipt to consumption; backward from on-hand to receipt).GRN_AUTH_010), tax / currency / reason codes (tax-code list with rates and effective dates, currency rate feed, cancellation and rejection reason taxonomies), or integration (PO module link, Inventory cost-layer endpoint, Finance GL account map, Vendor master sync).draft / saved GRNs reference the affected configuration, whether any committed GRN's downstream three-way match depends on the affected tax / GL mapping, and which user sessions hold the affected RBAC role. The preview also flags whether the change blocks new GRN creation while the migration runs (e.g. RBAC role rename).draft or saved retain the snapshot of the configuration in force when they were created (lot-number format, tax codes, reason codes, RBAC at create time) unless the field is explicitly recomputed by the user.[purchase-order](/en/inventory/purchase-order) / credit note); the Auditor's deliverable is the trace report.draft or saved GRNs is rejected by the impact preview at step 4. Resolution paths: (a) wait for the in-flight GRNs to commit or void; (b) bulk-recompute the affected GRNs by re-opening and re-saving them against the new config; or (c) soft-deprecate the old code (mark as inactive, keep readable on existing GRNs) and require the new code on all new GRNs. committed GRNs always retain the historical snapshot regardless — the audit chain on a posted GRN is immutable.GRN_AUTH_010 to also forbid the AP Clerk who keys the invoice from committing the GRN) take effect at the next saved → committed transition; in-flight saved GRNs are evaluated against the new rule at the moment of commit, not at the moment of save.committed GRN is rejected outright per GRN_POST_010 — committed is terminal and voided is pre-commit only. The reversal workflow requires Inventory Manager + Finance co-authorisation and runs as a tb_credit_note against the GRN (reversing the AP accrual or the AP-Trade liability depending on three-way-match state) plus, if physical stock has already moved, a compensating inventory-adjustment. The Sysadmin's role in this branch is to ensure the RBAC layer correctly gates the co-authorisation (Inventory Manager + Finance signatures recorded on the credit-note's workflow_history); the Sysadmin does not execute the reversal.The Audit / Config persona's involvement on a given GRN or configuration change ends at one of three boundaries:
draft / saved GRNs retain the snapshot of the rules in force at create time unless explicitly recomputed; committed GRNs are immutable. The Sysadmin notifies the affected user community (Receivers, Inventory Managers, Finance, Purchasers) of the rule change via the standard release-note channel.draft / saved / committed / voided) on enum_good_received_note_status, the global state machine that this persona observes (without altering) and configures the RBAC / posting-rule gates for.draft → saved → committed transitions write the activity-log entries that the Auditor reads, and whose lot-number entry follows the format the Sysadmin maintains.GRN_AUTH_010 / PO_AUTH_010 is configured by the Sysadmin in the RBAC panel.tb_good_received_note.workflow_history (the JSON activity-log array the Auditor reads), tb_inventory_transaction_detail.lot_no (the lot-trace linkage), and the configuration tables that the Sysadmin maintains (tax code, currency, reason code, RBAC role).GRN_AUTH_001–GRN_AUTH_011, the RBAC and segregation rules the Sysadmin configures) and Section 6 Cross-Module Rules (GRN_XMOD_001–GRN_XMOD_010, the integration wiring the Sysadmin maintains), together with GRN_POST_010 (the post-commit-void prohibition that the Sysadmin enforces via co-authorisation in the credit-note / inventory-adjustment reversal path).PO_AUTH_010 mirror of the segregation-of-duties rule.committed GRNs through tb_inventory_transaction rows to current on-hand and downstream issues / transfers / adjustments / consumption.GRN_POST_010; the Sysadmin configures the RBAC threshold for this co-authorisation.../carmen/docs/good-recive-note-managment/GRN-Overview.md — carmen/docs module overview: System Administrator role (lot-number generation format, user permissions, approval thresholds, tax codes, currency rates, reason codes, integration with PO / Inventory / Finance / Vendor) and the audit-trail / variance-analysis reporting capability that underpins the Auditor sub-persona.