Admin Role - dis-allow user permissions for lower role

I have set up a till in a bar, and only gave them a set role permissions because I know they aren’t very apt at doing a lot of things. Not very technologically great…

I had a call this morning because they broke the till, they created their own admin role and broke a few settings.

Is there a way for a ‘manager’ role to give out a lesser permission but not a higher one? Id like for them to create employee users but not new admin users…


One way could be to set them all as a cashier and use the navigation actions to create auto command buttons that only access the part of the manage menu you want them to, such as proce changes etc

ive done that, but they need to create users… and that’s where this happened, they created an admin user. I need a way where they cannot create a new admin user


Does make sense though that a lower user cannot create one with higher access, it kind of defeats the purpose of user roles if they can just create an admin to “get round the system”

1 Like

maybe this should have been a request…

1 Like

Maybe @emre can allow user roles to be numbered, so admin will always be 1 and then every one under you assign a number to… then the lower numbers cant assign user roles to higher numbers? or even just Admin can create a new Admin role?

Just a thought

This is a big reason I use Entities and not users for employees.

but, can an entity use the admin functions? like add product?

edit: this is for anbother business, I need to allow them to add users and products but not add admin users as they broke some automation commands today

Yes You can give them ability to access management but only put a navigation button set to go to products.

Currently if you want them to be able to add users then you will always have the risk of them adding an admin user… no way around that right now.

Since I use entities there is no reason for my managers to add users… There are only 3 roles Admin for me, Manager, Employee.

My manager has access to a manager pin that gives him specific access to add products change prices, etc but can not access users, or configuration. I do this via custom navigation and Navigate action. He can also add employees because they are Entities.

99% of time the till stays logged in as Employee. All ttransactions are done via the user Employee the manager simply logs out and in as the manager user role only when making changes. When the manager does any transactions it is done via Employee user. All my sales etc is tracked via the Employees entities.

The trick is you do not give the role Admin. You allow the role access to management but you do not put a Management button on the nav screen. You make a specific button for each screen you want them to use, Example Add Product button, Manage Employees button, Product Prices button. etc. That user role will not ever be able to access any other areas of manage. The right click orange bar popup at bottom is only for Admins so if you simply remove the Manage button from navigation you can customize the access you want them to have.

yeah as its not my site, I don’t want them messaging me every time they need a new employee.

If only admin could give an admin role that would fix that issue though

That’s precisely why I use Employee entities… my manager can add employee without ever needing to add a user.

I agree its kind of silly for non admin to be able to add an admin user though.


I know at least kendash and I have had long debates over built in user vs entity user.
I think this is an area that should be renovated in v6 for sure.
I would personally like to see the built in user system developed/extended or possibly if need be somehow merged with a form of entity for increased flexibility and moderation.
The new ability to nav to specific pages of admin is a step in the right direction but think this still needs breaking down further especially for the resellers side of view.