Learn how to invite team members, assign roles (Owner, Manager, Cashier), control outlet access, and manage employee permissions.
KasWarung lets you invite team members and control exactly what each person can access. Assign roles — Owner, Manager, or Cashier — each with different permissions. Assign employees to specific outlets so they can only access data for their assigned locations. All managed from the Management Portal.
The building blocks of access control
Three built-in roles with escalating permissions: Cashier (POS only), Manager (portal access with restrictions), and Owner (full access to everything).
💡 Example:
Cashier John can only use the POS app. Manager Sarah can view reports and manage products but can't change business settings. Owner Budi has full access.
Invite employees by adding their Google account email. They'll be able to log in via Google OAuth on both the portal (Manager) and POS app (Cashier).
💡 Example:
Add employee: email "john@gmail.com", role: Cashier, assigned outlets: Store A and Store B
Each employee can be assigned to one or more outlets. Cashiers only see products and process transactions for their assigned outlet. Managers see reports for their assigned outlets.
💡 Example:
Cashier assigned to "Store A" can only see Store A's catalog and process Store A's transactions — Store B's data is invisible.
Each role has a clear permission set. Owners can do everything. Managers can manage products, view reports, and handle inventory. Cashiers can only process POS transactions.
💡 Example:
Manager: ✓ Products, ✓ Reports, ✓ Inventory, ✗ Settings, ✗ Subscription, ✗ Delete business
Step-by-step guide in the Management Portal
Go to Employees → click "Add Employee". Enter their Google account email, select a role (Cashier or Manager), and assign them to one or more outlets.
Choose Cashier for register-only staff who use the POS app. Choose Manager for supervisors who need portal access for products, inventory, and reports.
Select which outlet(s) the employee can access. Cashiers will only see these outlets in the POS app. Managers will see reports filtered to these outlets.
View employee shift data and transaction history through the Reports module. Track who processed which transactions and shift summaries per cashier.
Role enforcement and data isolation
Permissions are enforced at both the UI level (menus hidden) and the API level (requests blocked). Roles are stored as JWT claims in the authentication token, ensuring server-side enforcement.
Owner
Full access: settings, billing, employees, all outlets, all features. Can delete the business.
Manager
Products, categories, inventory, reports, purchasing, and employee management for assigned outlets.
Cashier
POS app only: catalog browsing, cart, checkout, shift management, and transaction history.
Role changes take effect on the employee's next login. If you change someone from Cashier to Manager, they'll need to log out and back in for the new permissions to apply.
Employee data across the ecosystem
All team members with their roles, assigned outlets, and status (active/inactive). Search, filter, and edit from here.
Color-coded role badges (Owner/Manager/Cashier) appear next to employee names throughout the portal for quick identification.
See which outlets each employee can access. Edit assignments to add or remove outlet access.
When a cashier logs into the POS app, they only see products and data for their assigned outlet(s).
Reports show which cashier operated which shift, including sales totals, transaction counts, and cash discrepancies.
Every transaction records which cashier processed it. View per-employee transaction history in reports.
Get the most out of staff management
Don't give everyone Manager access. Cashiers should be Cashiers — this limits their access to POS-only and reduces risk of accidental data changes in the portal.
Only assign employees to outlets where they actually work. This keeps data isolated and ensures cashiers can't accidentally process transactions for the wrong location.
If an employee leaves, deactivate their account instead of deleting. This preserves their transaction history and shift data in reports. They can no longer log in.
Regularly review shift summaries per cashier to identify cash discrepancies, unusual transaction patterns, or performance issues early.
The number of employees depends on your subscription plan. Free plans have limited employee slots. Professional and Enterprise plans support more team members.
Yes. You can assign an employee to multiple outlets. In the POS app, they select which outlet they're working at when opening a shift.
The new role takes effect on their next login. They need to log out and back in. The previous role's permissions are revoked immediately on the server side.
Yes. Every transaction records the cashier who processed it. View this in the portal under Sales reports or shift detail drill-downs.
They can no longer log in to the POS app or portal. Their historical data (transactions, shifts) remains in reports. You can reactivate them anytime.
Log in to the portal and start inviting employees. Set roles, assign outlets, and control access from one place.
