Heads up, our devs are blazing ahead—docs are catching up, so some features might not be fully documented yet.
Visit our websiteAPI Docs

Roles

Flow Retail uses a flexible role-based access control system that determines what each user can see and do.

Roles bundle permissions together, making it easy to manage access for your team without configuring each user individually.

The system supports three permission levels:

  • Tenant level for organization-wide administrative access

  • Organization level for access across a group of stores

  • Store level for access to specific store operations

This hierarchy allows you to grant broad access to administrators while limiting operational staff to only the stores they work in.

How roles work

A role is a named collection of permissions.

When you assign a role to a user, they receive all the permissions included in that role.

Users can be assigned roles at different levels:

  • Tenant role: Grants permissions across all stores in your account. Ideal for administrators, back-office staff, and anyone who needs organization-wide access.

  • Organization role: Grants permissions to all stores within a specific organization. Useful for regional managers or staff who oversee multiple locations.

  • Store role: Grants permissions to a specific store only. Perfect for store staff who should only access their own location.

When a user has roles at multiple levels, their permissions combine. For example, a user with a tenant-level reporting permission can view reports for all stores, while a user with the same permission at store level can only view reports for that specific store.

Permission hierarchy

Permissions flow downward through the hierarchy:

A user with tenant-level access automatically has access to all organizations and stores. A user with organization-level access has access to all stores in that organization. A user with store-level access can only access that specific store.

Some permissions only make sense at the tenant level, such as managing products or configuring payment methods. These settings apply across your entire account and cannot be scoped to individual stores. Other permissions, like processing sales or viewing reports, can be granted at any level depending on how much access you want to give.

Default system roles

Flow Retail includes six pre-configured roles that cover common use cases. You can assign these directly or use them as templates for custom roles.

Administrator

Full administrative access to all system functions. Users with this role can perform any action in Flow Retail, including managing other users and system configuration. Assign this role to business owners and IT administrators who need unrestricted access.

Use case: Business owners, IT administrators, system managers

Backoffice

Comprehensive access to back-office administration without full system control. Includes product management, customer management, reporting, purchasing, and most administrative functions. Does not include the ability to manage users or critical system settings.

Use case: Head office staff, product teams, operations managers

Store Manager (Butikksjef)

Full operational access for running a store. Includes sales, returns, purchasing, receiving goods, reporting, stock management, till operations, and store configuration. Designed for store managers who need complete control over their location.

Use case: Store managers, assistant managers, shift supervisors with full responsibility

Salesperson (Selger)

Basic permissions for customer-facing sales work. Includes creating sales orders, processing returns, accessing customer information, and performing till operations. This is the standard role for sales staff.

Use case: Sales associates, customer service representatives, retail staff

Accounting (Regnskap)

Access to financial and business reports only. Does not include operational permissions. Designed for finance teams who need visibility into business performance without the ability to process transactions.

Use case: Accountants, financial controllers, business analysts

Warehouse (Lager)

Permissions for warehouse and inventory operations. Includes receiving goods, managing stock levels, and performing stock counts. Suitable for warehouse staff who handle inventory but do not process sales.

Use case: Warehouse staff, stock controllers, receiving clerks

Assigning roles to users

Each user needs at least one role to access Flow Retail.

When setting up a user, consider:

  1. What level of access do they need?

    • Organization-wide access → Assign a tenant-level role

    • Multiple stores in one region → Assign an organization-level role

    • Single store only → Assign a store-level role

  2. What tasks will they perform?

    • Match their responsibilities to the appropriate role

    • Users can have different roles at different levels if needed

  3. Do they need access to multiple stores?

    • For the same permissions across stores, use a tenant or organization role

    • For different permissions per store, assign separate store-level roles

Common role combinations

User Type
Recommended Setup

Business owner

Administrator (tenant level)

Head office staff

Backoffice (tenant level)

Regional manager

Butikksjef (organization level)

Store manager

Butikksjef (store level)

Sales associate

Selger (store level)

Warehouse worker

Lager (store level or tenant level)

Accountant

Regnskap (tenant level)

Custom roles

If the default roles do not match your needs, you can create custom roles with any combination of permissions.

This is useful when:

  • You need a role that combines permissions from multiple default roles

  • You want to restrict access to specific features within a broader category

  • Your organization has unique job functions that do not map to standard roles

To create a custom role, go to Users > Roles in the admin panel. Give your role a descriptive name and select the permissions it should include. You can then assign this role to users like any other role.

Managing roles

Roles are managed in the admin panel under Users > Roles. From here you can:

  • View all available roles and their permissions

  • Create new custom roles

  • Edit existing custom roles

  • Delete custom roles that are no longer needed

System roles (Administrator, Backoffice, Butikksjef, Selger, Regnskap, Lager) cannot be modified or deleted, but you can create custom roles based on them.

To assign roles to users, go to Users in the admin panel and select the user you want to configure. You can assign tenant-level roles directly on the user profile, and store-level roles in the store access section.

Best practices

Start with the principle of least privilege. Give users only the permissions they need to do their job. It is easier to add permissions later than to deal with issues caused by excessive access.

Use tenant-level roles sparingly. Most operational staff should have store-level roles. Reserve tenant-level access for administrators and staff who genuinely need organization-wide capabilities.

Review roles regularly. As your business evolves, user responsibilities change. Periodically audit role assignments to ensure they still match actual job functions.

Name custom roles clearly. When creating custom roles, use descriptive names that indicate the role's purpose. This makes it easier to assign the right role to new users.

Document your role structure. If you create multiple custom roles, maintain documentation of what each role is for and who should have it. This helps with onboarding and access reviews.

PreviousUsers and rolesNextPermissions

Last updated

Was this helpful?