This article is for administrators. It covers the ready-made sales roles you can assign to staff, and the audit trail that records every change to who can access what.
Sales roles
Instead of granting individual sales permissions one by one, assign one of these ready-made roles (Admin menu > user management > assign role). Each bundles the permissions for a job function, following least privilege.
| Role | For | What it can do |
|---|---|---|
| Sales - Order Clerk | Inside / junior sales | Build draft sales orders and read across sales. Cannot commit orders to the ERP (a manager does that). |
| Sales - Representative | Core sales | Full order-to-shipment cycle plus manage customers. Can create, edit and place orders and shipments. |
| Sales - Manager | Team lead | Everything a Representative does, plus issue and approve credit notes and override shipment status. |
| Finance - Accounts Receivable | AR / finance | Credit notes and returns approval, plus view invoices, customers and orders. No order or shipment writing. |
| Sales - Pricing Manager | Pricing owner | The Sellable Catalog and Price Book: set sell prices and tiers. |
| Sales - Read Only | Analyst / auditor | Read across all sales screens, no changes. |
| Returns - Inspector | Warehouse QC | Inspect and release quarantined returned stock. |
There is also a Sales - Admin role that grants the full sales toolset (orders, shipments, customers, credits, invoices and pricing) for a senior owner.
Assign the narrowest role that fits the person. You can combine roles if someone wears more than one hat.
Every access change is audited
Whenever an administrator changes who can access what, the system records it - so you can always answer "who gave this person that access, and when".
What is recorded:
- Granting or revoking a role or a group to a user.
- Creating, editing or deleting a role or a group (including a change to what permissions a role grants).
- Attaching or detaching a role to a job position.
- Granting or revoking the per-user area, warehouse or product access set in the user editor.
Each entry captures who made the change, what changed, when, and which user was affected.
Where to review it
Open Admin menu > Activity Log (the Global Activity Log). Filter by the System module to see just the access-control changes. Each row shows the actor, the action (for example "Role granted" or "Role permissions changed"), the affected user, and a plain-language description.