Discussions underway with Phocas but thought it would be prudent to add here.
Currently the rebates module is a simple security mechanism you are either have access to the rebates module or not.
On a security basis I consider the following to be required:
- Project level access (read only)
- Agreement access (all can view if they have access to the project, but only specific people are allowed to manage)
- Admin Access.
Coupled with this, the business require workflow to be applied to the rebates module to allow a more robust solution. for example (assuming security above exists):
A person who makes a rebate may not necessarily be allowed to calculate or post.
A person that is allowed to calculate the rebates.
A person who is allowed to post the calculations.
In this simplified example in all steps of the process would be notified if there is something they are required to work on.
I appreciate this is a very large area and many ins-and-outs, however currently access to rebates has to be carefully controlled as there is no means of audting.