The unit cost of a part — what your garage paid for it — is treated as sensitive internal information in Pistonlog. It's protected by a separate permission key from the rest of the parts module.
The rule
| Permission | Who has it by default | What it gates |
|---|---|---|
parts.manage | Owner, Manager, Reception, Tech | Adding/editing/reordering parts |
parts.view_cost | Owner, Manager only | Seeing the unit cost column |
A reception user or technician can add a part to a jobcard, set a quantity, and update its order status — but they can't see what the garage paid for it. They see the unit price (what the customer is charged) but not the cost.
Why split
Three reasons:
- Margin — what the garage makes per part is internal business data
- Supplier confidentiality — your buying prices may be commercially sensitive
- Technician focus — the technician needs to know which part to fit, not what it cost
Server-side enforcement
Like financial fields on the jobcard, this is enforced server-side too. The unitCost field is stripped from API responses for any user without parts.view_cost, so even if a future mobile app or third-party integration tried to read it, the data isn't there to read.
Custom roles
If you want a custom role that can see unit cost — say, a senior receptionist who also tracks margins — flip the parts.view_cost toggle on that role in Team Management.