User roles allow you to flexibly and securely control your employees' access rights in bessa Kassa. Roles encapsulate permissions and enable efficient management of access rights for different areas of responsibility.
What are User Roles?
User roles combine multiple permissions into logical units. Instead of assigning individual permissions to each user, you assign them one or more roles. This significantly simplifies management and ensures clarity for larger teams.
Key characteristics:
-
Unlimited number of roles can be created
-
Each role can contain any number of permissions
-
Users can be assigned multiple roles simultaneously
-
Roles can be created, edited, and deleted at any time
Multiple Roles per User
A user can have multiple roles simultaneously. An important rule applies: Denials take precedence over permissions. If one role grants a permission but another role blocks the same permission, the function is blocked for the user.
Example: A user has the roles "Service Staff" (with permission to cancel) and "Temporary Worker" (without permission to cancel). Since the "Temporary Worker" role blocks cancellation, this user cannot perform cancellations.
Permissions Overview
Permissions control access to specific functions in bessa Kassa. They are grouped into roles and precisely define which actions a user may perform.
Ordering and Sales
These permissions regulate basic sales functions at the POS.
Order (Counter) Allows or prevents direct ordering without tables at the counter.
Open Orders Allows or prevents creating and editing open orders as well as, in combination with "Manage Customers", posting an order to a customer account. Can be defined in more detail with the permissions "Order", "Cancel" and "Pay".
Cancel Allows or prevents canceling an open order.
Pay Allows or prevents paying an open order.
Create Multiple Tickets Allows or prevents creating and parking multiple open tickets.
Apply Discount Allows or prevents applying a discount to items or orders.
Table Management and Table Booking
Permissions for establishments with table service and rooms.
Tables Enables or disables rooms and tables as well as ordering and paying at tables. Can be defined in more detail with the permissions "Order at Table", "Transfer Table", "Cancel Table" and "Pay Table".
Order at Table Allows or prevents ordering at tables.
Transfer Table Allows or prevents transferring tables to other tables.
Cancel Table Allows or prevents canceling at tables.
Pay Table Allows or prevents paying at tables.
Manage Table-User Binding Allows or prevents managing or overriding a table binding to a user.
Payment Methods
Control which payment methods your employees may use.
Pay with Cash Allows or prevents paying with cash.
Pay with Card Allows or prevents paying with card.
Pay with Bank Transfer Allows or prevents paying with bank transfer.
Internal Payment (Personal Consumption, ...) Allows or prevents posting to internal payments such as personal consumption, complimentary, breakage or other non-payment transactions.
Invoice Management
Comprehensive control over completed invoices and their post-processing.
Manage Invoices Allows or prevents the display of the invoice list including editing. Can be defined in more detail with the permissions "Print Invoice Copy", "Cancel Invoice", "Restore Invoice", "Create Credit Note for Invoice" and "Change Payment Method".
Print Invoice Copy Allows or prevents printing invoice copies. Requires the "Manage Invoices" permission.
Cancel Invoice Allows or prevents canceling invoices. Requires the "Manage Invoices" permission.
Restore Invoice Allows or prevents canceling an invoice and simultaneously restoring the order. Requires the "Manage Invoices" permission.
Create Credit Note for Invoice Allows or prevents creating credit notes for invoices. Requires the "Manage Invoices" permission.
Change Payment Method Allows or prevents changing the payment method of invoices. Requires the "Manage Invoices" permission.
Reports and Evaluations
Control access to sales reports and shift closures.
Reports Allows or prevents opening reports. Can be defined in more detail with the permissions "Own Reports Only", "View Shift Report" and "Today's Report Only".
Manage Shift Closures Allows or prevents starting and ending cash register closures. Can be defined in more detail by the "View Shift Report" permission.
View Shift Report Allows or prevents displaying and printing the shift report.
Own Reports Only If enabled, only own sales may be evaluated in the reports. Other employees' sales remain hidden.
Today's Report Only If enabled, only reports for the current day may be displayed and printed.
Advanced Reports Allows or prevents the display of advanced reports in the Manager.
System and Settings
Permissions for administrative functions and system access in the POS app.
Settings Allows or prevents opening the settings in the POS app. Can be defined in more detail with the permissions "Manage Fiscalization", "Manage Printers" and "Logout".
Logout Allows or prevents logging out of the POS app. Requires the "Settings" permission.
Manage Fiscalization Allows or prevents initializing and restoring the signature device. Requires the "Settings" permission.
Manage Printers Allows or prevents managing printers. Requires the "Settings" permission.
Customer Management
Manage Customers Allows or prevents creating, editing and deleting customers as well as, in combination with "Open Orders", posting orders to a customer account.
Voucher Management
Manage Vouchers Allows or prevents the list of all vouchers and deleting vouchers.
Warehouse Management
Warehouse Management Allows or prevents opening the inventory view as well as editing inventory levels.
Cash Book
Cash Book Allows or prevents opening and editing the cash book.
Online Orders and Delivery Services
Online Orders Allows or prevents the display and acceptance of orders via ordering platforms and delivery services.
Kiosk and Self-Service
Kiosk Mode Enables or disables starting kiosk/self-service mode when switching to the assigned user. In kiosk mode, the POS is put into a locked self-service mode.
Manager Permissions
These permissions exclusively control access to functions in the bessa Manager (web interface) and do not apply in the bessa Kassa app.
Manager Access Allows or prevents manager access via the POS app.
Dashboard Allows or prevents the display of the Dashboard in the Manager.
Order Management Allows or prevents access to order management in the Manager. This can be defined in more detail with the permissions "Manage Offers", "Open Orders" and "Manage Invoices".
Manage Offers Allows or prevents creating and editing offers in order management. Requires the "Order Management" permission.
Manage Articles Allows or prevents the display and management of articles in the Manager.
Manage Locations Allows or prevents the display and management of locations in the Manager.
Manage Master Data Allows or prevents the display and management of master data in the Manager.
Warning: Elevated Access Rights
The "Manage Master Data" permission also grants access to user roles and permissions. Users with this permission can themselves assign and manage permissions. Grant this permission exclusively to trusted individuals.
Example Roles for Different Use Cases
Manager / Business Owner
Purpose: Full access to all functions Permissions: All permissions enabled (incl. all Manager permissions)
This role is suitable for business owners, branch managers or managers who need unrestricted access to all POS functions, reports, settings and the bessa Manager.
Service Staff / Waiter
Purpose: Table service without administrative functions Typical Permissions:
-
Tables (all table permissions)
-
Order at Table
-
Pay Table
-
Pay with Cash
-
Pay with Card
-
Pay with Bank Transfer
-
Reports (own reports only)
Blocked:
-
Cancel (Cancel Table)
-
Manage Shift Closures
-
Manage Fiscalization
-
Manager Access
-
Internal Payment
-
Settings
This role enables serving guests at tables and billing but prevents cancellations and administrative interventions.
Self-Service Kiosk
Purpose: Automatic kiosk mode for self-service Permissions: Only "Kiosk Mode" enabled
When switching to a user with this role, the POS automatically enters locked kiosk mode. This is suitable for self-service terminals without staff operation.
Warehouse Manager
Purpose: Exclusively warehouse management without POS functions Permissions: Only "Warehouse Management" enabled
This role allows employees to manage inventory without having access to sales or POS functions.
Best Practices for User Roles
Principle of Least Privilege Grant only the permissions that are truly necessary for the respective activity. This increases security and reduces sources of error.
Clear Role Naming Use meaningful names for your roles such as "Service Staff", "Bartender" or "Weekend Helper". This facilitates assignment to users.
Regular Review Check at regular intervals whether the permissions still correspond to actual requirements, especially when there are changes in workflows.
Documentation Record which role is intended for which area of use. This helps with onboarding new employees and troubleshooting.
Test Assignments Test new roles first with a test user before using them productively.
Frequently Asked Questions
Can a user work without a role? No, every user needs at least one role with the corresponding permissions to work in bessa Kassa.
What happens if a user has conflicting roles? Denials always take precedence. If one role allows a function and another blocks it, the function is blocked.
Can roles be changed retrospectively? Yes, permissions in roles can be adjusted at any time. The changes immediately affect all users with this role.
How many permissions should a role have? This depends on the use case. Group permissions so that they form a logical work unit. Avoid too many or too few permissions per role.