NHSDigital · anjalitrace2-nhs · Jan 27, 2026 · Jan 27, 2026 · Jan 28, 2026 · Jan 30, 2026
@@ -1,4 +1,7 @@
 #!/usr/bin/env python
+"""
+Manage organisation pointer type permissions for NRLF apps in a given environment ENV
+"""
 
 import json
 import os

@@ -1,7 +1,7 @@
 account_name     = "perftest"
 aws_account_name = "test"
 
-dynamodb_pointers_table_name = "nhsd-nrlf--perftest-15m-pointers-table"
+dynamodb_pointers_table_name = "nhsd-nrlf--perftest-55m-pointers-table"
 
 domain        = "perftest.record-locator.national.nhs.uk"
 public_domain = "perftest.api.service.nhs.uk"

@@ -45,6 +45,8 @@ make ENV=perftest USE_SHARED_RESOURCES=true apply
 
 You will need to generate pointer permissions the first time performance tests are run in an environment e.g. if the perftest environment is destroyed & recreated.
 
+##### Internal permissions
+
 ```sh
 assume nhsd-nrlf-mgmt
 
@@ -59,6 +61,26 @@ make init TF_WORKSPACE_NAME=perftest-1 ENV=perftest
 make ENV=perftest USE_SHARED_RESOURCES=true apply
 ```
 
+This will set up permissions for the `K6PerformanceTest` organisation, which is used for internal testing.
+
+##### Public permissions
+
+To set additional permissions for public testing, you will need to update the permissions for the default app (currently: `X26-NRL-6981ad7d-cff4-4613-93d0-df60e5e2fc52`) which you can do using [./scripts/manage_permissions.py](./scripts/manage_permissions.py).
+
+You can find the pointer types each ODS code will need permissions for in [tests/performance/seed_data_constants.py](tests/performance/seed_data_constants.py) under `*_POINTERS_CUSTODIAN_DISTRIBUTIONS`. These are used to seed the test data.
+
+For example: while running perf tests, the following failure occurred:
+
+```sh
+WARN[0484] {"issue":[{"severity":"error","code":"forbidden","details":{"coding":[{"system":"https://fhir.nhs.uk/CodeSystem/Spine-ErrorOrWarningCode","code":"ACCESS DENIED","display":"Access has been denied to process this request"}]},"diagnostics":"Your organisation 'TD2L9A' does not have permission to access this resource. Contact the onboarding team."}],"resourceType":"OperationOutcome"}  source=console
+```
+
+To resolve this, we can give the organisation `TD2L9A` permission to access the pointer type `824321000000109` on the default app:
+
+```sh
+ENV=perftest poetry run python ./scripts/manage_permissions.py set_perms X26-NRL-6981ad7d-cff4-4613-93d0-df60e5e2fc52 TD2L9A http://snomed.info/sct\|824321000000109
+```
+
 ### Prepare to run tests
 
 Prepare input files

@@ -3,7 +3,11 @@
 
 import fire
 
-from tests.performance.seed_data_constants import DEFAULT_CUSTODIAN_DISTRIBUTIONS
+from tests.performance.seed_data_constants import (
+    DEFAULT_CUSTODIAN_DISTRIBUTIONS,
+    VOL_15M_POINTERS_CUSTODIAN_DISTRIBUTIONS,
+    VOL_55M_POINTERS_CUSTODIAN_DISTRIBUTIONS,
+)
 
 
 def main(output_dir="../../dist/nrlf_permissions/K6PerformanceTest"):
@@ -15,6 +19,12 @@ def main(output_dir="../../dist/nrlf_permissions/K6PerformanceTest"):
     for pointer_type, custodians in DEFAULT_CUSTODIAN_DISTRIBUTIONS.items():
         for custodian, _ in custodians.items():
             custodian_permissions.setdefault(custodian, []).append(pointer_type)
+    for pointer_type, custodians in VOL_15M_POINTERS_CUSTODIAN_DISTRIBUTIONS.items():
+        for custodian, _ in custodians.items():
+            custodian_permissions.setdefault(custodian, []).append(pointer_type)
+    for pointer_type, custodians in VOL_55M_POINTERS_CUSTODIAN_DISTRIBUTIONS.items():
+        for custodian, _ in custodians.items():
+            custodian_permissions.setdefault(custodian, []).append(pointer_type)
 
     for custodian, pointer_types in custodian_permissions.items():
         permissions = [f"http://snomed.info/sct|{pt}" for pt in pointer_types]