User Roles & Permissions
eKaha uses role-based access control (RBAC) to manage what each team member can see and do.
Available Roles
| Role | Access Level | Typical Use |
|---|---|---|
| Owner | Full access to everything | Business owner |
| Admin | Full operational access | Shop manager |
| Cashier | POS, basic sales view | Checkout staff |
| Staff | Limited operational access | General employees |
| Viewer | Read-only access | Accountants, observers |
Role Capabilities
#### Owner
- All admin capabilities
- Manage billing and subscription
- Add/remove shops (Enterprise)
- Delete shop data
#### Admin
- Add/edit/delete products
- Manage inventory
- View all reports
- Add/manage team members (except owners)
- Access audit logs (Premium)
#### Cashier
- Process sales on POS
- View own sales history
- Apply discounts (if permitted)
- Clock in/out (attendance)
#### Staff
- View products and inventory
- Clock in/out (attendance)
- Limited POS access based on configuration
#### Viewer
- Read-only access to dashboard
- View reports and analytics
- No ability to modify data
Adding Team Members
- Go to Team in the sidebar
- Click Add Member
- Enter the person's email address
- Select their role
- They receive an email invitation to join your shop
Changing Roles
- Go to Team
- Find the team member
- Click on their role
- Select the new role
- Changes take effect immediately
Best Practices
- Principle of least privilege: Give each person only the access they need
- Use the Cashier role for checkout staff -- they do not need inventory or report access
- Use the Viewer role for accountants who only need to see reports
- Audit regularly: Review team members and their roles monthly
- Remove access promptly when someone leaves the team