Creating Users and Managing Permissions
DefaultAdmin
There is always a defaultadmin user which has full permissions for the application. It cannot be removed, and its username cannot be changed from defaultadmin. Access to this account should be restricted to administrators and trusted users, and used only for administration. Separate user accounts should be created for all users for day-to-day use.
Creating/Editing Users
- Users must have a unique username and Quick Login PIN
- When creating a user, a password must be set
- When editing a user, if the password fields are set, the password will be updated. If they are left blank, the password is left as is
- If set, the Quick Login PIN can be used on the login screen for faster user login (particularly on touch devices). The PIN can only be used within 12 hours of the user logging in with their full username and password on a connected POS terminal.
Deleting Users
- Once a user is deleted, a new user cannot be created with the same username or PIN.
Assigning User Permissions
- Open the Select an action dropdown next to a user and click Permissions
- If the Allow user login permission is not granted, the user cannot use the application at all and is locked out
- All other permissions should be granted as required. Sections of the application that the user does not have permission to access will be hidden from them.
API Access
- Enable API Access allows the credentials associated with the account to authenticate with an API Key rather than with a username and password. This can be used to set up programmatic access for a third-party application or service with limited permissions. See here for more info.
Permissions
Below is a breakdown of the permission sets that can be granted to a user, and the actions each permission set allows them to perform.
// Permission sets. Each key is a set that can be granted to a user; the array
// lists the individual rights that set confers. Sets overlap freely (for
// example SALES and TOUCHSALES list exactly the same rights), so a user's
// effective rights are the union of every set they hold.
{
//All permissions are granted.
ALL:[
'ALL'
],
//Global allow list: read access to configurations, printables, printers, print rules,
//selectables, bank accounts and terminals, plus full CRUD on attachments.
//NOTE(review): presumably granted to every user regardless of other sets — confirm against the backend check.
GLOBAL: [
"CONFIGURATION_READ",
"ATTACHMENT_READ",
"ATTACHMENT_CREATE",
"ATTACHMENT_UPDATE",
"ATTACHMENT_DELETE",
"PRINTABLE_READ",
"PRINTER_READ",
"PRINT_RULE_READ",
"SELECTABLE_READ",
"BANKACCOUNT_READ",
"TERMINAL_READ",
],
//Required for any interactive use ("Allow user login" above); without it the user is locked out.
LOGIN: [
'LOGIN'
],
//Edit sales (and associated rows), sale Payments. read products, contacts, tax classes, discounts, categories
//Also has access to expenses for refunds
//Note the EXPENSE_CREATE/UPDATE/DELETE rights: this set allows creating and deleting expense records, not just reading them.
SALES: [
"TAXCLASS_READ",
"PAYMENTMETHOD_READ",
"PRODUCT_READ",
"CATEGORY_READ",
"CONTACT_READ",
"SALE_READ",
"SALE_CREATE",
"SALE_UPDATE",
"SALE_DELETE",
"PAYMENT_READ",
"PAYMENT_CREATE",
"PAYMENT_UPDATE",
"PAYMENT_DELETE",
"EXPENSE_READ",
"EXPENSE_CREATE",
"EXPENSE_UPDATE",
"EXPENSE_DELETE",
],
//Touch sales - same rights as sales for now, but with a different name so that sales/touchsales client screen access can be granted to users separately
TOUCHSALES: [
"TAXCLASS_READ",
"PAYMENTMETHOD_READ",
"PRODUCT_READ",
"CATEGORY_READ",
"CONTACT_READ",
"SALE_READ",
"SALE_CREATE",
"SALE_UPDATE",
"SALE_DELETE",
"PAYMENT_READ",
"PAYMENT_CREATE",
"PAYMENT_UPDATE",
"PAYMENT_DELETE",
"EXPENSE_READ",
"EXPENSE_CREATE",
"EXPENSE_UPDATE",
"EXPENSE_DELETE",
],
//Edit purchases (and associated rows), purchase expenses. read products, contacts, tax classes, discounts, categories
PURCHASES: [
"TAXCLASS_READ",
"PAYMENTMETHOD_READ",
"PRODUCT_READ",
"CATEGORY_READ",
"CONTACT_READ",
"PURCHASE_READ",
"PURCHASE_CREATE",
"PURCHASE_UPDATE",
"PURCHASE_DELETE",
"EXPENSE_READ",
"EXPENSE_CREATE",
"EXPENSE_UPDATE",
"EXPENSE_DELETE",
],
//Directly CRUD payments and expenses (without the sale/purchase rights that SALES and PURCHASES also carry)
PAYMENTSEXPENSES:[
"PAYMENT_READ",
"PAYMENT_CREATE",
"PAYMENT_UPDATE",
"PAYMENT_DELETE",
"EXPENSE_READ",
"EXPENSE_CREATE",
"EXPENSE_UPDATE",
"EXPENSE_DELETE",
],
//Edit Configurations, bank accounts, payment methods, selectables, users, permissions, terminals
//Security note: this set includes USER_CREATE/USER_UPDATE and PERMISSION_CREATE, so a holder can create
//accounts and assign permission sets — presumably including ALL. Treat CONFIG as administrator-equivalent
//when deciding who receives it.
CONFIG: [
"CONFIGURATION_UPDATE",
"USER_READ",
"USER_CREATE",
"USER_UPDATE",
"USER_DELETE",
"PERMISSION_READ",
"PERMISSION_CREATE",
"PERMISSION_DELETE",
"TERMINAL_CREATE",
"TERMINAL_UPDATE",
"TERMINAL_DELETE",
"PRINTER_CREATE",
"PRINTER_UPDATE",
"PRINTER_DELETE",
"WEBHOOK_READ",
"WEBHOOK_CREATE",
"WEBHOOK_UPDATE",
"WEBHOOK_DELETE",
"PRINT_RULE_CREATE",
"PRINT_RULE_UPDATE",
"PRINT_RULE_DELETE",
"BANKACCOUNT_CREATE",
"BANKACCOUNT_UPDATE",
"BANKACCOUNT_DELETE",
"PAYMENTMETHOD_READ",
"PAYMENTMETHOD_CREATE",
"PAYMENTMETHOD_UPDATE",
"PAYMENTMETHOD_DELETE",
"SELECTABLE_CREATE",
"SELECTABLE_UPDATE",
"SELECTABLE_DELETE",
"PRINTABLE_CREATE",
"PRINTABLE_UPDATE",
"PRINTABLE_DELETE",
],
//Edit Products, Categories, Discounts, Stock adjustments, tax classes, read stock calcs
//NOTE(review): TAXCLASS_READ is not listed here although TAXCLASS_CREATE/UPDATE/DELETE are; it appears only
//in SALES/TOUCHSALES/PURCHASES. Verify a PRODUCTS-only user can still read tax classes.
PRODUCTS: [
"STOCKADJUSTMENT_READ",
"STOCKADJUSTMENT_CREATE",
"STOCKADJUSTMENT_UPDATE",
"STOCKADJUSTMENT_DELETE",
"DISCOUNT_READ",
"DISCOUNT_CREATE",
"DISCOUNT_UPDATE",
"DISCOUNT_DELETE",
"PRODUCT_READ",
"PRODUCT_CREATE",
"PRODUCT_UPDATE",
"PRODUCT_DELETE",
"TAXCLASS_CREATE",
"TAXCLASS_UPDATE",
"TAXCLASS_DELETE",
"CATEGORY_READ",
"CATEGORY_CREATE",
"CATEGORY_UPDATE",
"CATEGORY_DELETE",
],
// Edit contacts
CONTACTS: [
"CONTACT_READ",
"CONTACT_CREATE",
"CONTACT_UPDATE",
"CONTACT_DELETE",
],
// Manage TimeKeeping (full CRUD on clock in/out records, including other users' records)
TIMEKEEPING: [
"CLOCKINOUT_READ",
"CLOCKINOUT_CREATE",
"CLOCKINOUT_UPDATE",
"CLOCKINOUT_DELETE",
],
//Clock in or out
CLOCK: [
"CLOCK"
],
//Edit / Read Reports
REPORTS: [
"GENERATE_REPORT",
"VBAREPORT_READ",
"VBAREPORT_CREATE",
"VBAREPORT_DELETE",
"VBAREPORT_UPDATE",
//Easy Reports requires read access to the following
//Note: these read rights expose user, sale, purchase and financial data to anyone holding REPORTS.
'PAYMENT_READ',
'EXPENSE_READ',
'TRANSFER_READ',
'BANKADJUSTMENT_READ',
'FLOATADJUSTMENT_READ',
'STOCKADJUSTMENT_READ',
'CATEGORY_READ',
'PRODUCT_READ',
'TERMINAL_READ',
'BANKACCOUNT_READ',
'USER_READ',
'CLOCKINOUT_READ',
"CALCULATE_FLOAT",
"CALCULATE_BANKING",
"SALE_READ",
'PURCHASE_READ',
],
//Edit BankAdjustments, Float Adjustments, transfers, reconciliations. read float, read bank floats,
FINANCES: [
"CALCULATE_FLOAT",
"FLOATADJUSTMENT_READ",
"FLOATADJUSTMENT_CREATE",
"FLOATADJUSTMENT_UPDATE",
"FLOATADJUSTMENT_DELETE",
"TRANSFER_READ",
"TRANSFER_CREATE",
"TRANSFER_UPDATE",
"TRANSFER_DELETE",
"CALCULATE_BANKING",
"BANKADJUSTMENT_READ",
"BANKADJUSTMENT_CREATE",
"BANKADJUSTMENT_UPDATE",
"BANKADJUSTMENT_DELETE",
"CALCULATE_RECONCILIATION",
"RECONCILIATION_READ",
"RECONCILIATION_CREATE",
"RECONCILIATION_UPDATE",
"RECONCILIATION_DELETE",
],
//read env info from backend
INFO: [
'INFO'
]
}