# Roles

Roles control what your team members can do in Flow Retail. Instead of setting up permissions for each person individually, you assign them a role — and the role includes everything they need.

{% hint style="success" %}
**Quick answer:** Most store staff need **Salesperson** at **Store** level. Store managers need **Store Manager** at Store level. See common combinations below.
{% endhint %}

### How roles work

A role is a collection of permissions bundled together. When you assign a role to a user, they get all the permissions included in that role.

Roles can be assigned at three levels:

| Level                      | What it means                                 | Example                              |
| -------------------------- | --------------------------------------------- | ------------------------------------ |
| **Whole Company (tenant)** | Access to all stores across all organizations | Administrators, head office staff    |
| **Organization**           | Access to all stores within one legal entity  | Managers overseeing one organization |
| **Store**                  | Access to one store only                      | Store staff, local managers          |

Access works top-down: Whole Company access automatically includes all organizations and stores. Organization access includes all stores in that organization. Store access covers just that one store.

{% hint style="success" %}

#### Store level is enough for most users

Save Whole Company access for people who really need to see everything.
{% endhint %}

#### When a user has multiple roles

If a user has roles at different levels, their permissions combine. For example:

* A user with **Salesperson** at Store level for "Oslo" can only work in the Oslo store
* Add **Accounting** at Whole Company level, and they can also view reports for all stores

***

### Default system roles

Flow Retail includes six pre-configured roles. You can use these directly or as templates for custom roles.

| Role                           | Description                                  | Includes                                                          | Use for                                |
| ------------------------------ | -------------------------------------------- | ----------------------------------------------------------------- | -------------------------------------- |
| **Administrator**              | Full access to everything                    | All permissions                                                   | Business owners, IT admins             |
| **Backoffice**                 | Admin access without full system control     | Products, customers, reporting, purchasing, and more              | Head office staff, operations managers |
| **Store Manager** (Butikksjef) | Full control of day-to-day store operations  | <p>Sales, returns, </p><p>, stock, reporting, till operations</p> | Store managers, shift supervisors      |
| **Salesperson** (Selger)       | Permissions for everyday sales work          | Sales orders, returns, customer info, till operations             | Sales associates, retail staff         |
| **Accounting** (Regnskap)      | Access to reports only                       | Reporting                                                         | Accountants, financial controllers     |
| **Warehouse** (Lager)          | Permissions for warehouse and inventory work | Goods receiving, stock management, stocktaking                    | Warehouse staff, stock controllers     |

{% hint style="warning" %}
Limit **Administrator** to a small number of people. It bypasses all permission checks and gives full access to everything.
{% endhint %}

***

### Here's what we recommend for common user types

| Job function              | Role          | Level                    |
| ------------------------- | ------------- | ------------------------ |
| Sales associate           | Salesperson   | Store                    |
| Store manager             | Store Manager | Store                    |
| Multi-store manager       | Store Manager | Organization             |
| Head office staff         | Backoffice    | Whole Company            |
| Accountant                | Accounting    | Whole Company            |
| Warehouse worker          | Warehouse     | Store (or Whole Company) |
| Business owner / IT admin | Administrator | Whole Company            |

***

### Custom roles

If the default roles don't fit your needs, you can create custom roles with any combination of permissions.

This is useful when you need to:

* Combine permissions from multiple default roles
* Limit access to specific features
* Support job functions that don't fit the default roles

See Permissions for a full list of available permissions.

{% hint style="success" %}
**Tip:** You don't need to recreate a full role just to add one permission. Create a small custom role with only the extra permission, and assign it alongside the default role. The user gets both sets of permissions combined.
{% endhint %}

{% hint style="success" %}

#### Required permission

Creating and managing custom roles requires the USER permission, which is included in the Administrator and Backoffice roles.
{% endhint %}

#### How do I create a custom role?

{% stepper %}
{% step %}

#### Open roles in Admin

Head to **Users → Roles** in Admin and select **New Role**.
{% endstep %}

{% step %}

#### Configure the role

Give it a descriptive name and select the permissions to include.
{% endstep %}

{% step %}

#### Save

Select **Save**. You can now assign the custom role to users like any other role.
{% endstep %}
{% endstepper %}

***

### Managing roles

Head to **Users → Roles** in Admin to manage roles. From here you can:

* View all available roles and their permissions
* Create new custom roles
* Edit existing custom roles
* Delete custom roles that are no longer needed

System roles (Administrator, Backoffice, Store Manager, Salesperson, Accounting, Warehouse) cannot be modified or deleted.

#### Assigning roles to users

Roles are assigned when you create or edit a user. See Users for step-by-step instructions.

***

### Best practices

**✅ Do**

* **Start with the least access needed** — it's easier to add access later than to clean up after too much
* **Match role to actual job function** — a salesperson doesn't need Store Manager access
* **Review roles regularly** — as your business changes, check that role assignments still match actual job functions
* **Name custom roles clearly** — use descriptive names that explain what the role is for

**❌ Don't**

* **Don't give everyone Administrator** — it bypasses all permission checks and should be limited to a few people
* **Don't use Whole Company for store staff** — reserve it for people who genuinely need to see everything
* **Don't forget to remove access** — when someone changes role or leaves, update their permissions
* **Don't skip documentation** — if you create custom roles, note what each is for and who should have it


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.flowretail.com/docs/getting-started/users-and-roles/roles.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.