User roles allow you to flexibly and securely control your employees' access rights in bessa Kassa. Roles encapsulate permissions and enable efficient management of access rights for different areas of responsibility.
What are User Roles?
User roles combine multiple permissions into logical units. Instead of assigning individual permissions to each user, you assign them one or more roles. This significantly simplifies management and ensures clarity for larger teams.
Key characteristics:
-
Unlimited number of roles can be created
-
Each role can contain any number of permissions
-
Users can be assigned multiple roles simultaneously
-
Roles can be created, edited, and deleted at any time
Multiple Roles per User
A user can have multiple roles simultaneously. An important rule applies: Denials take precedence over permissions. If one role grants a permission but another role blocks the same permission, the function is blocked for the user.
Example: A user has the roles "Service Staff" (with permission to cancel) and "Temporary Worker" (without permission to cancel). Since the "Temporary Worker" role blocks cancellation, this user cannot perform cancellations.
Permissions Overview
Permissions control access to specific functions in bessa Kassa. They are grouped into roles and precisely define which actions a user may perform.
Ordering and Sales
These permissions regulate basic sales functions at the POS.
Order (Counter)
Allows or prevents direct ordering without tables at the counter.
Open Orders
Allows or prevents creating and editing open orders as well as, in combination with "Manage Customers", posting an order to a customer account. Can be defined in more detail with the permissions "Order", "Cancel" and "Pay".
Cancel
Allows or prevents canceling an open order.
Pay
Allows or prevents paying an open order.
Create Multiple Tickets
Allows or prevents creating and parking multiple open tickets.
Apply Discount
Allows or prevents applying a discount to items or orders.
Table Management and Table Booking
Permissions for establishments with table service and rooms.
Tables
Enables or disables rooms and tables as well as ordering and paying at tables. Can be defined in more detail with the permissions "Order at Table", "Transfer Table", "Cancel Table" and "Pay Table".
Order at Table
Allows or prevents ordering at tables.
Transfer Table
Allows or prevents transferring tables to other tables.
Cancel Table
Allows or prevents canceling at tables.
Pay Table
Allows or prevents paying at tables.
Manage Table-User Binding
Allows or prevents managing or overriding a table binding to a user.
Payment Methods
Control which payment methods your employees may use.
Pay with Cash
Allows or prevents paying with cash.
Pay with Card
Allows or prevents paying with card.
Pay with Bank Transfer
Allows or prevents paying with bank transfer.
Internal Payment (Personal Consumption, ...)
Allows or prevents posting to internal payments such as personal consumption, complimentary, breakage or other non-payment transactions.
Payment Management
Comprehensive control over completed invoices and their post-processing.
Manage Payments
Allows or prevents the display of the invoice list including editing. Can be defined in more detail with the permissions "Print Invoice Copy", "Cancel Invoice", "Restore Invoice", "Create Credit Note for Invoice" and "Change Payment Method".
Print Invoice Copy
Allows or prevents printing invoice copies. Requires the "Manage Payments" permission.
Cancel Invoice
Allows or prevents canceling invoices. Requires the "Manage Payments" permission.
Restore Invoice
Allows or prevents canceling an invoice and simultaneously restoring the order. Requires the "Manage Payments" permission.
Create Credit Note for Invoice
Allows or prevents creating credit notes for invoices. Requires the "Manage Payments" permission.
Change Payment Method
Allows or prevents changing the payment method of invoices. Requires the "Manage Payments" permission.
Reports and Evaluations
Control access to sales reports and shift closures.
Reports
Allows or prevents opening reports. Can be defined in more detail with the permissions "Own Reports Only", "View Shift Report" and "Today's Report Only".
Manage Shift Closures
Allows or prevents starting and ending cash register closures. Can be defined in more detail by the "View Shift Report" permission.
View Shift Report
Allows or prevents displaying and printing the shift report.
Own Reports Only
If enabled, only own sales may be evaluated in the reports. Other employees' sales remain hidden.
Today's Report Only
If enabled, only reports for the current day may be displayed and printed.
Advanced Reports
Allows or prevents the display of advanced reports in the manager.
System and Settings
Permissions for administrative functions and system access.
Settings
Allows or prevents opening the settings in the POS app. Can be defined in more detail with the permissions "Manage Fiscalization", "Manage Printers" and "Logout".
Logout
Allows or prevents logging out of the POS app. Requires the "Settings" permission.
Manage Fiscalization
Allows or prevents initializing and restoring the signature device. Requires the "Settings" permission.
Manage Printers
Allows or prevents managing printers. Requires the "Settings" permission.
Manager Access
Allows or prevents manager access via the POS app.
Customer Management
Manage Customers
Allows or prevents creating, editing and deleting customers as well as, in combination with "Open Orders", posting orders to a customer account.
Voucher Management
Manage Vouchers
Allows or prevents the list of all vouchers and deleting vouchers.
Warehouse Management
Warehouse Management
Allows or prevents opening the inventory view as well as editing inventory levels.
Cash Book
Cash Book
Allows or prevents opening and editing the cash book.
Online Orders and Delivery Services
Online Orders
Allows or prevents the display and acceptance of orders via ordering platforms and delivery services.
Kiosk and Self-Service
Kiosk Mode
Enables or disables starting kiosk/self-service mode when switching to the assigned user. In kiosk mode, the POS is put into a locked self-service mode.
Example Roles for Different Use Cases
Manager / Business Owner
Purpose: Full access to all functions
Permissions: All permissions enabled
This role is suitable for business owners, branch managers or managers who need unrestricted access to all POS functions, reports and settings.
Service Staff / Waiter
Purpose: Table service without administrative functions
Typical Permissions:
-
Tables (all table permissions)
-
Order at Table
-
Pay Table
-
Pay with Cash
-
Pay with Card
-
Pay with Bank Transfer
-
Reports (own reports only)
Blocked:
-
Cancel (Cancel Table)
-
Manage Shift Closures
-
Manage Fiscalization
-
Manager Access
-
Internal Payment
-
Settings
This role enables serving guests at tables and billing but prevents cancellations and administrative interventions.
Self-Service Kiosk
Purpose: Automatic kiosk mode for self-service
Permissions: Only "Kiosk Mode" enabled
When switching to a user with this role, the POS automatically enters locked kiosk mode. This is suitable for self-service terminals without staff operation.
Warehouse Manager
Purpose: Exclusively warehouse management without POS functions
Permissions: Only "Warehouse Management" enabled
This role allows employees to manage inventory without having access to sales or POS functions.
Best Practices for User Roles
Principle of Least Privilege
Grant only the permissions that are truly necessary for the respective activity. This increases security and reduces sources of error.
Clear Role Naming
Use meaningful names for your roles such as "Service Staff", "Bartender" or "Weekend Helper". This facilitates assignment to users.
Regular Review
Check at regular intervals whether the permissions still correspond to actual requirements, especially when there are changes in workflows.
Documentation
Record which role is intended for which area of use. This helps with onboarding new employees and troubleshooting.
Test Assignments
Test new roles first with a test user before using them productively.
Frequently Asked Questions
Can a user work without a role?
No, every user needs at least one role with the corresponding permissions to work in bessa Kassa.
What happens if a user has conflicting roles?
Denials always take precedence. If one role allows a function and another blocks it, the function is blocked.
Can roles be changed retrospectively?
Yes, permissions in roles can be adjusted at any time. The changes immediately affect all users with this role.
How many permissions should a role have?
This depends on the use case. Group permissions so that they form a logical work unit. Avoid too many or too few permissions per role.