Roles
Kensium POS uses role-based security to assign permissions to the users of its system. Permissions are always defined at the role level, and the combination of roles that are assigned to the user determines the user’s effective permissions.
Use the Roles page to assign permissions to each role level.
POS is pre-configured with standard roles. In order of security access they are:
- Administrator – Kensium personnel that can perform any action within POS, including configuration.
- Owner – users who perform management-level activities at an organization, including viewing organization-wide data, and have access to most of the system (outside of configuration).
- Manager– users who perform management-level activities at a store site.
- Service Clerk – users who perform customer service, accessing member accounts.
- Salesperson – users who can create sales transactions and orders.
- Fulfillment Clerk – users with the primary task of fulfilling orders.
- GraphQL User – a user who can use use the POS admin console to interactively run GraphQL queries. This role is usually combined with other roles that define which queries can be executed.
- Authenticated – any user who is logged into the system front end (the customer-facing UI) or admin console (e.g. a clerk).
- Anonymous – any user who is not logged in, i.e. a customer browsing the system front end.
Do not give administrator access to client users. Kensium personnel should be the only administrators. Instead, assign manager-level client users to either the “Owner” or “Manager” roles.
The following roles can currently be ignored, as they are intended for general content management activities. They may be useful for future features or customization, but are not used now:
- Author
- Contributor
- Editor
- Moderator
a) Custom Roles & Permissions
With the roles feature, you can create your own roles, assign permissions to these new roles, or adjust permissions on existing roles.
To add a new role, click the Add Role button on the roles list page. To edit permissions, click the Edit button beside any role.
The role editor page shows a long list of permissions that can be assigned to a role.
- To enable a permission for a role, select the Allow checkbox.
- The Effective checkbox is read-only. It will be selected if related permissions already imply that the permission is set. For example, permission to write a certain type of content item implies that read permission is also selected for the content type.
The full list of permissions is outside the scope of this help page. Most of the permissions are self-documenting; some notable permissions are described elsewhere in the help system.
b) POS Upgrades
POS version upgrades will automatically reset and apply permissions to the standard roles described above. This practice ensures that new functionality is reflected in the permissions system, and that POS roles are locked down to suitable permissions.
POS version upgrades will overwrite any custom permission changes that are made to standard roles. Use custom roles if you want to define custom permissions for your users; these will not be upgraded by POS during a version upgrade.