It is perfectly OK if users with different roles see different representations of the same resource, especially admin vs. ordinary users, which basically covers your case. Another common case is that certain resources (for example, orders in a web shop system) are accessible only to the customer (and the webshop owner) but not to other customers or unauthenticated visitors, even if they know the full resource URI. So, if your `/inventory` lists active and inactive resources for the store owner, but only active items for customers, that would be perfectly reasonable. Of course, `/inventory/<item-id>` for an inactive item could then return a `404` status for customers (a little white lie pretending that the item does not exist) and the item data for shop owners. One could argue that `403` is more suitable (item exists but you are not allowed to view it), and depending on the application that might be a better solution.
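The behaviour described in this answer, as an added example that is not part of the original answer: one visibility rule drives both `/inventory` and `/inventory/<item-id>`, and a hidden item returns exactly the same response as a missing one. The `Item` type, the role names, the sample data and the `hide_existence` switch are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data; ids, names and role strings are assumptions.
@dataclass(frozen=True)
class Item:
    item_id: int
    name: str
    active: bool

INVENTORY = {
    1: Item(1, "kettle", True),
    2: Item(2, "toaster", False),  # inactive: visible to the owner only
}

NOT_FOUND = (404, {"error": "not found"})
FORBIDDEN = (403, {"error": "forbidden"})

def can_view(role: str, item: Item) -> bool:
    """Single visibility rule shared by the list and the detail handler.
    Any role other than "owner" is treated like a customer."""
    return role == "owner" or item.active

def to_json(item: Item) -> dict:
    return {"id": item.item_id, "name": item.name, "active": item.active}

def list_inventory(role: str):
    """GET /inventory: same URI, representation depends on the caller's role."""
    return 200, [to_json(i) for i in INVENTORY.values() if can_view(role, i)]

def get_item(role: str, item_id: int, hide_existence: bool = True):
    """GET /inventory/<item-id>.

    hide_existence=True  -> 404 for an item the caller may not see; the
                            response equals the one for an unknown id, so
                            status and body do not reveal that it exists.
    hide_existence=False -> 403, which confirms that the item exists.
    """
    item = INVENTORY.get(item_id)
    if item is None:
        return NOT_FOUND
    if not can_view(role, item):
        return NOT_FOUND if hide_existence else FORBIDDEN
    return 200, to_json(item)
```

Using one `can_view` rule for both handlers keeps the list and the detail view from disagreeing about what a customer may see.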