Creating Users and Managing Permissions

Screen-Shot-2018-11-19-at-9.53.59-pm.png

DefaultAdmin

There is always a defaultadmin user which has full permissions for the application. It cannot be removed, and the username cannot be changed from defaultadmin.  Access to this account should be restricted to administrators and trusted users for administration purposes.  Separate user accounts should be created for all users for day to day use.

Creating/Editing Users
  • Each user must have a unique username; if a Quick Login PIN is set, it must also be unique
  • When creating a user, a password must be set
  • When editing a user, the password is updated only if the password fields are filled in. If they are left blank, the existing password is kept.
  • If set, the Quick Login PIN can be used on the login screen for faster user login (particularly on touch devices).  The PIN can only be used within 12 hours of the user logging in with their full username and password on a connected POS terminal.
Deleting Users
  • Once a user has been deleted, a new user cannot be created with the same username or PIN.
Assigning User Permissions
  • Select an action dropdown next to a user and click Permissions
  • If the Allow user login permission is not granted, the user is locked out and cannot use the application at all.
  • All other permissions should be granted as required.  Sections of the application that the user does not have permission to access will be hidden from them.
API Access
  • Enabling API Access allows the account to authenticate with an API key rather than with a username and password. This can be used to set up programmatic access for a third-party application or service with limited permissions. See here for more info.
Permissions

Below is a breakdown of the permission sets that can be granted to a user, and the actions each set allows them to perform.

{
		// Permission sets that can be granted to a user (the keys), each expanded to the
		// granular <ENTITY>_<ACTION> permissions it carries (the values).
		// ALL: every permission is granted. Presumably the set held by the built-in
		// defaultadmin account, which is described as having full permissions — confirm.
		ALL:[
			'ALL'
		],
        // GLOBAL: read access to configuration, printables, printers, print rules, selectables,
        // bank accounts and terminals, plus full create/update/delete on attachments — so this
        // set is not purely read-only. NOTE(review): described as a "global read allow", so it is
        // presumably applied to every logged-in user rather than granted explicitly — confirm.
        GLOBAL: [
            "CONFIGURATION_READ",
            "ATTACHMENT_READ",
            "ATTACHMENT_CREATE",
            "ATTACHMENT_UPDATE",
            "ATTACHMENT_DELETE",
            "PRINTABLE_READ",
			"PRINTER_READ",
			"PRINT_RULE_READ",
            "SELECTABLE_READ",
            "BANKACCOUNT_READ",
            "TERMINAL_READ", 
        ],
        // LOGIN: the "Allow user login" permission. Without it the user is locked out of the
        // application entirely, whatever other sets they hold.
        LOGIN: [
            'LOGIN'
        ],
		// SALES: full create/read/update/delete on sales, payments and expenses (expenses are
		// needed for refunds), plus read access to tax classes, payment methods, products,
		// categories and contacts. Does not include DISCOUNT_READ (discount read is only in PRODUCTS).
        SALES: [
            "TAXCLASS_READ",
            "PAYMENTMETHOD_READ",
            "PRODUCT_READ",
            "CATEGORY_READ",
            "CONTACT_READ",
            "SALE_READ",
            "SALE_CREATE",
            "SALE_UPDATE",
			"SALE_DELETE",
			"PAYMENT_READ",
            "PAYMENT_CREATE",
            "PAYMENT_UPDATE",
            "PAYMENT_DELETE",
            "EXPENSE_READ",
            "EXPENSE_CREATE",
            "EXPENSE_UPDATE",
            "EXPENSE_DELETE",
			
		],
		// TOUCHSALES: identical to SALES; kept as a separate set so that access to the sales and
		// touch-sales client screens can be granted independently. Keep the two lists in sync.
		TOUCHSALES: [
            "TAXCLASS_READ",
            "PAYMENTMETHOD_READ",
            "PRODUCT_READ",
            "CATEGORY_READ",
            "CONTACT_READ",
            "SALE_READ",
            "SALE_CREATE",
            "SALE_UPDATE",
			"SALE_DELETE",
			"PAYMENT_READ",
            "PAYMENT_CREATE",
            "PAYMENT_UPDATE",
            "PAYMENT_DELETE",
            "EXPENSE_READ",
            "EXPENSE_CREATE",
            "EXPENSE_UPDATE",
            "EXPENSE_DELETE",
        ],
        // PURCHASES: full create/read/update/delete on purchases and expenses, plus read access
        // to tax classes, payment methods, products, categories and contacts. No DISCOUNT_READ
        // and no PAYMENT_* permissions in this set.
        PURCHASES: [
            "TAXCLASS_READ",
            "PAYMENTMETHOD_READ",
            "PRODUCT_READ",
            "CATEGORY_READ",
            "CONTACT_READ",
            "PURCHASE_READ",
            "PURCHASE_CREATE",
            "PURCHASE_UPDATE",
			"PURCHASE_DELETE",
			"EXPENSE_READ",
            "EXPENSE_CREATE",
            "EXPENSE_UPDATE",
            "EXPENSE_DELETE",
        ],
        // PAYMENTSEXPENSES: direct create/read/update/delete on payments and expenses without
        // the sale or purchase permissions — a subset of SALES (PURCHASES carries only the
        // expense half).
        PAYMENTSEXPENSES:[
            "PAYMENT_READ",
            "PAYMENT_CREATE",
            "PAYMENT_UPDATE",
            "PAYMENT_DELETE",
            "EXPENSE_READ",
            "EXPENSE_CREATE",
            "EXPENSE_UPDATE",
            "EXPENSE_DELETE",
        ],
        // CONFIG: administrative set. Updates configuration and manages users, permissions,
        // terminals, printers, webhooks, print rules, bank accounts, payment methods,
        // selectables and printables.
        // Because it carries USER_CREATE/USER_UPDATE and PERMISSION_CREATE/PERMISSION_DELETE,
        // a holder can change what other users are allowed to do. NOTE(review): presumably that
        // includes granting any set (ALL included) to any user, themselves too, unless the
        // backend restricts it — confirm, and grant CONFIG as sparingly as defaultadmin access.
        // There is no PERMISSION_UPDATE: permission grants are created and deleted only.
        // CONFIGURATION_READ is not listed here; it comes from GLOBAL.
        CONFIG: [
            "CONFIGURATION_UPDATE",
            "USER_READ",
            "USER_CREATE",
            "USER_UPDATE",
            "USER_DELETE",
            "PERMISSION_READ",
            "PERMISSION_CREATE",
            "PERMISSION_DELETE",
            "TERMINAL_CREATE",
            "TERMINAL_UPDATE",
            "TERMINAL_DELETE",
            "PRINTER_CREATE",
            "PRINTER_UPDATE",
			"PRINTER_DELETE",
			"WEBHOOK_READ",
			"WEBHOOK_CREATE",
            "WEBHOOK_UPDATE",
			"WEBHOOK_DELETE",
			"PRINT_RULE_CREATE",
            "PRINT_RULE_UPDATE",
            "PRINT_RULE_DELETE",
            "BANKACCOUNT_CREATE",
            "BANKACCOUNT_UPDATE",
            "BANKACCOUNT_DELETE",
            "PAYMENTMETHOD_READ",
            "PAYMENTMETHOD_CREATE",
            "PAYMENTMETHOD_UPDATE",
            "PAYMENTMETHOD_DELETE",
            "SELECTABLE_CREATE",
            "SELECTABLE_UPDATE",
            "SELECTABLE_DELETE",
            "PRINTABLE_CREATE",
            "PRINTABLE_UPDATE",
            "PRINTABLE_DELETE",
        ],
        // PRODUCTS: full create/read/update/delete on stock adjustments, discounts, products and
        // categories; create/update/delete on tax classes. NOTE(review): TAXCLASS_READ is not in
        // this set (it is granted via SALES/PURCHASES), so a PRODUCTS-only user may be unable to
        // list tax classes — confirm.
        PRODUCTS: [
            "STOCKADJUSTMENT_READ",
            "STOCKADJUSTMENT_CREATE",
            "STOCKADJUSTMENT_UPDATE",
            "STOCKADJUSTMENT_DELETE",
            "DISCOUNT_READ",
            "DISCOUNT_CREATE",
            "DISCOUNT_UPDATE",
            "DISCOUNT_DELETE",
            "PRODUCT_READ",
            "PRODUCT_CREATE",
            "PRODUCT_UPDATE",
            "PRODUCT_DELETE",
            "TAXCLASS_CREATE",
            "TAXCLASS_UPDATE",
            "TAXCLASS_DELETE",
            "CATEGORY_READ",
            "CATEGORY_CREATE",
            "CATEGORY_UPDATE",
            "CATEGORY_DELETE",
        ],
        // CONTACTS: full create/read/update/delete on contacts.
        CONTACTS: [
            "CONTACT_READ",
            "CONTACT_CREATE",
            "CONTACT_UPDATE",
            "CONTACT_DELETE",
		],
		// TIMEKEEPING: manage clock-in/out records (full create/read/update/delete).
        TIMEKEEPING: [
            "CLOCKINOUT_READ",
            "CLOCKINOUT_CREATE",
            "CLOCKINOUT_UPDATE",
            "CLOCKINOUT_DELETE",
		],
		// CLOCK: clock in or out.
		CLOCK: [
            "CLOCK"
		],
        // REPORTS: generate reports and create/read/update/delete VBA reports. Also carries the
        // read permissions Easy Reports needs, spanning payments, expenses, transfers,
        // bank/float/stock adjustments, categories, products, terminals, bank accounts, users,
        // clock-in/out records, sales and purchases, plus the float and banking calculations.
        // Least-privilege note: granting REPORTS alone exposes the user list and every financial
        // record listed here read-only, so it is a sensitive set despite being read-mostly.
        REPORTS: [
            "GENERATE_REPORT",
            "VBAREPORT_READ",
            "VBAREPORT_CREATE",
            "VBAREPORT_DELETE",
            "VBAREPORT_UPDATE",
            // Easy Reports requires read access to the following entities
            'PAYMENT_READ',
            'EXPENSE_READ',
            'TRANSFER_READ',
            'BANKADJUSTMENT_READ',
			'FLOATADJUSTMENT_READ',
			'STOCKADJUSTMENT_READ',
			'CATEGORY_READ',
			'PRODUCT_READ',
            'TERMINAL_READ',
			'BANKACCOUNT_READ',
			'USER_READ',
			'CLOCKINOUT_READ',
			"CALCULATE_FLOAT",
			"CALCULATE_BANKING",
			"SALE_READ",
			'PURCHASE_READ',
        ],
        // FINANCES: full create/read/update/delete on float adjustments, transfers, bank
        // adjustments and reconciliations, plus the float, banking and reconciliation
        // calculations.
        FINANCES: [
            "CALCULATE_FLOAT",
            "FLOATADJUSTMENT_READ",
            "FLOATADJUSTMENT_CREATE",
            "FLOATADJUSTMENT_UPDATE",
            "FLOATADJUSTMENT_DELETE",
            "TRANSFER_READ",
            "TRANSFER_CREATE",
            "TRANSFER_UPDATE",
            "TRANSFER_DELETE",
            "CALCULATE_BANKING",
            "BANKADJUSTMENT_READ",
            "BANKADJUSTMENT_CREATE",
            "BANKADJUSTMENT_UPDATE",
            "BANKADJUSTMENT_DELETE",
            "CALCULATE_RECONCILIATION",
            "RECONCILIATION_READ",
            "RECONCILIATION_CREATE",
            "RECONCILIATION_UPDATE",
            "RECONCILIATION_DELETE",
        ],
        // INFO: read environment info from the backend.
        INFO: [
            'INFO'
        ]
}