MyWork24 Knowledge Base
Article

Sales roles and the access-change audit log

Edit

This article is for administrators. It covers the ready-made sales roles you can assign to staff, and the audit trail that records every change to who can access what.

Sales roles

Instead of granting individual sales permissions one by one, assign one of these ready-made roles (Admin menu > user management > assign role). Each bundles the permissions for a job function, following least privilege.

Role For What it can do
Sales - Order Clerk Inside / junior sales Build draft sales orders and read across sales. Cannot commit orders to the ERP (a manager does that).
Sales - Representative Core sales Full order-to-shipment cycle plus manage customers. Can create, edit and place orders and shipments.
Sales - Manager Team lead Everything a Representative does, plus issue and approve credit notes and override shipment status.
Finance - Accounts Receivable AR / finance Credit notes and returns approval, plus view invoices, customers and orders. No order or shipment writing.
Sales - Pricing Manager Pricing owner The Sellable Catalog and Price Book: set sell prices and tiers.
Sales - Read Only Analyst / auditor Read across all sales screens, no changes.
Returns - Inspector Warehouse QC Inspect and release quarantined returned stock.

There is also a Sales - Admin role that grants the full sales toolset (orders, shipments, customers, credits, invoices and pricing) for a senior owner.

Assign the narrowest role that fits the person. You can combine roles if someone wears more than one hat.

Every access change is audited

Whenever an administrator changes who can access what, the system records it - so you can always answer "who gave this person that access, and when".

Access changes are recorded as system events and shown in the Global Activity Log

What is recorded:

  • Granting or revoking a role or a group to a user.
  • Creating, editing or deleting a role or a group (including a change to what permissions a role grants).
  • Attaching or detaching a role to a job position.
  • Granting or revoking the per-user area, warehouse or product access set in the user editor.

Each entry captures who made the change, what changed, when, and which user was affected.

Where to review it

Open Admin menu > Activity Log (the Global Activity Log). Filter by the System module to see just the access-control changes. Each row shows the actor, the action (for example "Role granted" or "Role permissions changed"), the affected user, and a plain-language description.

Related articles