SUB-ARTICLE under Access management in Sapera. Describes the permissions that control
what employees may do in the POS. Status: DRAFT pending approval.
This article covers the permissions that control the functions in the POS — from the sale screen itself and cash register settlements to payments, dashboards and which menu items each cashier can reach.
You assign these permissions in Financial under Security → Groups → select a group → Permissions (set Allow/Deny per permission). You typically set them on a group (role), and all users in the group inherit them. They govern functions in the POS.
Note about the sale screen: most sale-screen permissions control whether a button or action is available in the POS — they hide or block the action in the user interface. This is the right way to control what each cashier can do day to day.
Controls whether the cashier may enter a custom (manual) price on a product line in the POS. When denied, the "custom price" step in the product configuration is not available on the sale screen.
Controls whether you may create a new customer (person or company) directly from the sale screen in the POS. When denied, the buttons to create a new customer are not available. (Creating also requires the right to select a customer, see below.)
Controls whether you may attach/select a customer on the current sale in the POS. When denied, customer selection is not available on the sale screen — and therefore neither is creating a new customer.
Controls whether you may give or change a discount on the entire sale (overall discount) in the POS. When denied, the overall-discount button is not available on the sale screen.
Controls whether you may make a direct (free) refund from the POS — that is, a refund without referencing an original sale. When denied, the direct-refund action is not available in the POS.
Controls whether the cashier may switch the local agent profile from the sale screen (the agent profile selector). When denied, the profile selector is not available in the POS.
Per-line discount: a discount on the individual product line is controlled by a separate permission that belongs to Inventory — not by the permissions here. It is described in the article about Inventory permissions.
Controls whether you may perform a cash register settlement (closing/Z report) in the POS. When denied, the action to complete the settlement is not available in the settlement list.
Controls whether you may edit the opening cash float (the cash change holding) on a cash register settlement. When denied, the opening amount cannot be changed at settlement.
Controls whether the expected cash holding is shown when a cash register settlement is edited or completed. When denied, the expected amount is hidden, so the employee counts "blind".
Controls whether you may assign or change the voucher (accounting draft) that a cash register settlement is posted to. When denied, the attempt is rejected.
Controls whether you may re-book an already-posted cash register settlement and attach settlement lines on a non-draft settlement. When denied, the attempt is rejected.
Controls whether you may resolve a stuck payment by manually marking an in-progress payment as cancelled or failed. Used when a payment is stuck mid-way. When denied, the attempt is rejected.
Controls whether you may resolve a stuck payment by manually marking an in-progress payment as completed. Used when a payment is stuck mid-way. When denied, the attempt is rejected.
Controls whether the advanced revenue budget data is included in the revenue budget overview in the POS. When denied, the advanced budget figures are not delivered to the POS.
Controls whether you may download the local agent / create an agent connection (download of the local POS agent installation). When denied, the attempt is rejected.
Controls the visibility of each individual dashboard in the POS. The permission is granted per dashboard, so you can decide which dashboards a group may see. When denied, the dashboard in question is not returned to the user.
The permissions below control which menu items and screens in the POS are available to the group. They determine whether the entry point is visible/reachable — the action behind the screen is protected by its own permissions (see above).
Access new sale — makes the new checkout screen available.
Access processed sales — makes processed sales available.
Access cash registers — makes administration of cash registers available.
Access cash register settlements — makes cash register settlements (the overview) available.
Access Preferences — makes preferences available.
Access product dashboard configuration — makes setup of product dashboards available.
Access sale screen buttons configuration — makes setup of sale screen buttons available.
Access sale screen buttons configuration *(toolbar)* — makes setup of the buttons on the sale screen toolbar available.
Configure Local Agent — makes setup of the local agent (agent instances and profiles) available.
Access exchange labels — makes exchange labels available.
Access Revenue Budget Setup — makes setup of the revenue budget available.
Configure MobilePay POS — makes MobilePay setup (MobilePay stores and points of sale) available.
Access Cash register certificates — makes cash register certificates (fiscal/SAF-T certificates) available.
Access Export Saf-T Cash Register data operations — makes SAF-T export of cash register data available.
Note: Two of the permissions above have the same English name — *Access sale screen buttons configuration*. One controls the buttons on the sale screen, the other controls the buttons on the toolbar, but they cannot be told apart by name in the permission tree. So set them with care if you only want to control one of them.
The permissions control which buttons and actions are available in the POS for each employee.
Allow vs. Deny: An explicit Deny wins over an inherited Allow.
Want to know more?
Read more in these related articles:
Access management in Sapera (overview)
What permissions are, where to find them, how they are scoped, and links to one sub-article per area.
Users and passwords (permissions)
The permissions that control administration of employee logins — create, edit, disable, delete, passwords and 2-factor.
