Managing User Accounts and Roles

User management in Sederly allows you to control who has access to your system and what they can do. This guide will help you set up user accounts, assign appropriate roles, and manage permissions effectively.

## User Roles Overview ### Available User Roles Sederly includes several predefined roles with different permission levels: #### Organization Owner - **Full system access** including all settings and data - **User management** - can add, edit, and remove users - **Billing management** - access to subscription and payment settings - **System configuration** - can modify all system settings - **Data export** - can export all business data #### Manager - **Branch management** - full control over assigned branches - **Staff supervision** - can manage staff members - **Reporting access** - view and generate all reports - **Order management** - create, edit, and process orders - **Customer management** - full customer database access - **Inventory control** - manage products and stock levels #### Staff - **Order processing** - create and manage customer orders - **Customer service** - access customer information and history - **Basic reporting** - view daily sales and performance reports - **Product lookup** - search and view product information - **Payment processing** - handle customer payments #### Accountant - **Financial reporting** - access to all financial data and reports - **Order history** - view completed transactions - **Tax reporting** - generate tax-related reports - **Payment tracking** - monitor payment methods and totals - **Limited editing** - cannot modify orders or customer data #### Production/Kitchen - **Order fulfillment** - view orders requiring preparation - **Status updates** - mark orders as prepared or ready - **Product information** - access to preparation instructions - **Limited access** - cannot view pricing or customer details ## Adding New Users ### User Creation Process #### Step-by-Step User Addition: 1. Navigate to **Settings** > **Users** 2. Click **"Add New User"** button 3. Complete the user information form 4. Assign appropriate role and permissions 5. Send invitation to the new user #### Required User Information: - **Full Name**: Employee's complete name - **Email Address**: Must be unique, used for login - **Phone Number**: Contact number for the user - **Employee ID**: Internal identifier (optional) - **Department**: User's department or team - **Job Title**: Position within the organization #### Optional Information: - **Profile Photo**: Upload user's photo - **Start Date**: Employment start date - **Manager**: Assign reporting manager - **Notes**: Additional information about the user ### Role Assignment #### Role Selection Guidelines: - **Consider job responsibilities** - match role to actual duties - **Follow principle of least privilege** - give minimum necessary access - **Review regularly** - update roles as responsibilities change - **Document decisions** - keep records of why roles were assigned #### Branch Assignment: - **Primary Branch**: Main working location - **Additional Branches**: Other accessible locations - **Access Level**: Full or limited branch access - **Temporary Access**: Time-limited branch access ### User Invitation Process #### Sending Invitations: 1. **System generates invitation** email automatically 2. **User receives email** with setup instructions 3. **User clicks invitation link** to activate account 4. **User sets password** and completes profile 5. **User gains access** to assigned features #### Invitation Management: - **Resend invitations** if not received - **Cancel pending invitations** if needed - **Track invitation status** (sent, opened, accepted) - **Set expiration dates** for security ## Permission Management ### Understanding Permissions #### Core Permission Categories: **Order Management:** - Create new orders - Edit existing orders - Delete orders - Process payments - Issue refunds - View order history **Customer Management:** - Add new customers - Edit customer information - Delete customer records - View customer history - Export customer data **Product Management:** - Add new products - Edit product information - Manage inventory levels - Set product pricing - Create product categories **Reporting:** - View sales reports - Generate financial reports - Access customer analytics - Export report data - Schedule automated reports **System Settings:** - Modify organization settings - Manage user accounts - Configure payment methods - Set up integrations - Access system logs ### Custom Permission Sets #### Creating Custom Roles: 1. Go to **Settings** > **Roles & Permissions** 2. Click **"Create Custom Role"** 3. **Name the role** descriptively 4. **Select permissions** from available options 5. **Save the custom role** 6. **Assign to users** as needed #### Permission Combinations: - **Sales Associate**: Orders + Customers + Basic Reporting - **Inventory Manager**: Products + Inventory + Stock Reports - **Customer Service**: Customers + Order History + Returns - **Shift Supervisor**: Staff permissions + Daily Reports + Cash Management ## User Account Management ### Editing User Information #### Updating User Details: 1. **Find user** in Users list 2. **Click "Edit"** next to user name 3. **Modify information** as needed 4. **Update role or permissions** if required 5. **Save changes** to apply updates #### Common Updates: - **Contact information** changes - **Role promotions** or changes - **Branch reassignments** - **Permission adjustments** - **Status changes** (active/inactive) ### Account Status Management #### User Status Options: - **Active**: User can log in and access system - **Inactive**: User cannot log in but data is preserved - **Suspended**: Temporary access restriction - **Pending**: Invitation sent but not yet accepted #### Deactivating Users: 1. **Select user** from Users list 2. **Change status** to "Inactive" 3. **Confirm deactivation** in dialog 4. **User loses access** immediately 5. **Data remains** for historical purposes ### Password and Security Management #### Password Policies: - **Minimum length**: 8-16 characters - **Complexity requirements**: Mix of letters, numbers, symbols - **Expiration**: Regular password changes - **History**: Prevent password reuse #### Security Features: - **Two-factor authentication**: Optional or required 2FA - **Login monitoring**: Track login attempts and locations - **Session management**: Control concurrent sessions - **Account lockout**: Automatic lockout after failed attempts ## Multi-Branch User Management ### Branch-Specific Access #### Branch Assignment Options: - **Single Branch**: User works at one location only - **Multiple Branches**: User has access to several locations - **All Branches**: User can access any branch - **Temporary Access**: Time-limited branch access #### Branch-Level Permissions: - **Full Access**: Complete control over branch operations - **Limited Access**: Specific functions only - **View Only**: Can see data but not modify - **Reporting Access**: Can generate branch reports ### Managing Traveling Staff #### Mobile User Configuration: - **Primary branch** assignment for reporting - **Temporary branch** access for travel - **Mobile device** registration and management - **Location-based** access controls ## User Activity Monitoring ### Activity Tracking #### Tracked Activities: - **Login/logout** times and locations - **Order creation** and modifications - **Payment processing** activities - **Data exports** and report generation - **Settings changes** and configurations #### Activity Reports: - **User performance** metrics - **Login patterns** and frequency - **Feature usage** statistics - **Error rates** and issues - **Security events** and alerts ### Audit Trail #### Audit Information: - **Who**: Which user performed the action - **What**: What action was performed - **When**: Date and time of action - **Where**: Which branch or location - **Why**: Reason or context (if provided) ## Best Practices ### Security Best Practices #### Access Control: - **Regular access reviews** - quarterly permission audits - **Immediate deactivation** - remove access for departing employees - **Principle of least privilege** - minimum necessary permissions - **Role-based access** - use predefined roles when possible #### Password Management: - **Strong password policies** - enforce complexity requirements - **Regular password changes** - require periodic updates - **No password sharing** - each user has unique credentials - **Secure password storage** - use password managers ### Operational Best Practices #### User Onboarding: - **Comprehensive training** on system usage - **Role-specific training** for assigned functions - **Security awareness** training - **Regular check-ins** during first month #### Ongoing Management: - **Regular role reviews** - ensure roles match responsibilities - **Performance monitoring** - track user productivity - **Feedback collection** - gather user experience feedback - **Continuous improvement** - update processes based on feedback ## Troubleshooting Common Issues ### Login Problems #### User Cannot Log In: - **Check account status** - ensure account is active - **Verify email address** - confirm correct login email - **Reset password** - send password reset link - **Check browser** - clear cache and cookies - **Verify network** - ensure internet connectivity #### Permission Issues: - **Review role assignment** - confirm appropriate role - **Check branch access** - verify branch permissions - **Update permissions** - modify as needed - **Clear browser cache** - refresh permission cache ### Account Management Issues #### Invitation Problems: - **Check spam folder** - invitation may be filtered - **Resend invitation** - generate new invitation link - **Verify email address** - ensure correct email - **Check expiration** - invitation may have expired #### Role Assignment Issues: - **Verify role exists** - ensure role is properly configured - **Check permissions** - confirm role has necessary permissions - **Review conflicts** - resolve permission conflicts - **Update role definition** - modify role as needed