SARAH
DocumentationAPI Reference

Roles and Permissions

Learn how roles and permissions work in Sarah and how to manage them.

Last updated: 2025-01-26

Sarah's roles and permissions system allows you to control what each user can do in the system, ensuring they only have access to what they need.

What are Roles?

A role is a set of predefined permissions that determines which functionalities a user can use. Sarah has four main roles:

Administrator (Role ID: 1)

The role with most permissions, ideal for owners or managers.

Permissions:

  • ✅ Full access to configuration
  • ✅ User management (create, edit, delete)
  • ✅ Access to all modules
  • ✅ Billing and receipt issuance
  • ✅ Complete reports and analysis
  • ✅ Integration configuration
  • ✅ Cash register and shift management
  • ✅ Access to superadmin (if applicable)

When to use:

  • Business owners
  • General managers
  • Trusted personnel who need full access

Cashier (Role ID: 2)

Focused on point of sale and cash operations.

Permissions:

  • ✅ Point of sale (POS)
  • ✅ Make sales
  • ✅ Cash register management (open, close)
  • ✅ Shifts
  • ✅ View products and basic inventory
  • ❌ Configuration
  • ❌ User management
  • ❌ Billing (depends on configuration)
  • ❌ Advanced reports

When to use:

  • Cash register staff
  • Salespeople who also handle cash
  • Staff who need access to POS and cash registers

Salesperson (Role ID: 3)

Focused on sales and customer service.

Permissions:

  • ✅ Point of sale (POS)
  • ✅ Make sales
  • ✅ Customer management (view, create, edit)
  • ✅ View products and inventory
  • ❌ Cash registers and shifts
  • ❌ Configuration
  • ❌ User management
  • ❌ Billing (depends on configuration)
  • ❌ Advanced reports

When to use:

  • Salespeople
  • Customer service staff
  • Staff who only need to sell

Junior Salesperson (Role ID: 4)

Inherits Salesperson permissions but with additional restrictions in the Point of Sale, designed for new staff or those requiring supervision.

Permissions:

  • ✅ Point of sale (POS) with restrictions
  • ✅ Make sales
  • ✅ Customer management (view, create, edit)
  • ❌ Edit prices in the POS cart
  • ❌ Edit quantities in the POS cart
  • ❌ Remove products without authorization code
  • ❌ Cancel sales without authorization code + comment
  • ❌ View returns in POS
  • ❌ View Inventory > Products in menu
  • ❌ Switch cart view mode
  • ❌ Cash registers and shifts
  • ❌ Configuration
  • ❌ User management
  • ❌ Billing (depends on configuration)
  • ❌ Advanced reports
  • ❌ View cancellation logs

When to use:

  • New staff in probation period
  • Salespeople requiring supervision
  • Employees with restricted POS access

For more details about the cancellation system, see Cancellations in POS.

Assign Roles

When Creating a User

  1. Go to Contacts > Users
  2. Click "New User"
  3. Complete user information
  4. Select Role from dropdown
  5. Save user

Change User Role

  1. Go to Contacts > Users
  2. Search for user you want to modify
  3. Open edit form
  4. Change Role in dropdown
  5. Save changes

Note: Role changes apply immediately. User must log out and log back in for changes to take full effect.

Specific Permissions

Permissions by Module

Although roles are predefined, some permissions may vary according to configuration:

Point of Sale (POS)

  • All roles can access POS
  • Administrators can configure POS
  • Cashiers and Salespeople can make sales

Inventory

  • All roles can view products
  • Only Administrators can create, edit, or delete products
  • Cashiers and Salespeople can view stock

Billing

  • Administrators can issue all receipt types
  • Cashiers and Salespeople can issue receipts according to configuration
  • Some receipts may require special permissions

Reports

  • Administrators have full access to all reports
  • Cashiers and Salespeople may have limited access according to configuration

Best Practices

Principle of Least Privilege

Assign the role with fewest permissions the user needs:

  • Junior Salesperson for new staff or those requiring supervision
  • Salesperson for staff who only sell
  • Cashier for staff who handle cash
  • Administrator only for trusted personnel

Regular Review

Regularly review assigned roles:

  • Active users: Verify all have correct role
  • Inactive users: Deactivate or delete users who no longer need access
  • Responsibility changes: Update roles when responsibilities change

Documentation

Document who has what role:

  • User list: Keep an updated list
  • Justification: Document why each user has their role
  • Review: Review and update documentation regularly

Security

Don't Share Credentials

  • Never share credentials between users
  • Each user must have their own account
  • Assign roles appropriately instead of sharing accounts

Temporary Access

If you need to give temporary access:

  • Create temporary user with appropriate role
  • Delete user when no longer necessary
  • Don't use shared accounts

Monitoring

Monitor account usage:

  • Review logs: Regularly review user activities
  • Detect anomalies: Look for suspicious activities
  • Act quickly: If you detect problems, act immediately

Troubleshooting

User Cannot Access a Module

Possible causes:

  • Role without permissions for that module
  • User needs to log out and log back in
  • Error in role assignment

Solution:

  1. Verify user's role
  2. Confirm role has permissions for that module
  3. Ask user to log out and log back in
  4. If it persists, contact support

User Has Too Many Permissions

Solution:

  1. Review assigned role
  2. Change to a role with fewer permissions
  3. Save changes
  4. Ask user to log out and log back in

I Need a Custom Role

Current limitation:

  • Sarah has 4 predefined roles (Administrator, Cashier, Salesperson, Junior Salesperson)
  • Custom roles cannot be created currently

Alternatives:

  • Use the role closest to what you need
  • Contact support to request new roles
  • Consider using multiple users with different roles

Next Steps