POS security is the company-wide knobs that make the register a little stricter — sign out after X minutes, require a reason when a sale gets voided, require a customer on every sale — plus how linked returns behave when a cashier rings a negative line. It's a short page; most of the granular "who can do what" lives on the staff record, not here.
In the Admin mode, open Security in the left sidebar. It's a single page with two sections: POS settings and Linked returns.
The top section, POS settings, has one numeric input and four toggles. Each is company-wide — flipping one affects every location and every cashier.
Inactivity timeout — how long a Rundoo tab can sit idle before the staff member gets signed out. Value is in minutes; tune it for how your counter runs (a busy paint desk that steps away to mix wants a longer window than a single-terminal hardware counter that should auto-lock fast). Click the field, type a new number, and hit Save — Cancel backs out without applying.
Automatically sign out after completing sale — when on, Rundoo signs the staff member out at the end of each sale. Use this at shared terminals where the next cashier should re-ID before ringing. Leave it off if one cashier runs a register for their whole shift.Require all guest sales and returns to have an internal note (customer level settings override this) — when on, a guest (no-customer) sale or return can't complete until the cashier types something into the Internal notes field. Good for stores that want a reason-code trail on cash-and-carry walk-ins. Per-customer overrides on the customer record can loosen this for specific accounts.Require reasons to void transaction — when on, clicking Void on a sale or draft pops a confirmation modal instead of voiding silently. See the section below for how that surfaces at the counter.Require all sales and returns to have a customer attached — when on, Sale and any return action stay disabled until a customer is attached to the cart. Hard-closes the door on guest sales. Most stores leave this off (walk-ins are real); charge-account-only businesses turn it on.Below these, the Linked returns section controls how Rundoo handles negative lines — see How linked returns behave below.
POS security is company-wide; staff permissions are per-person. They stack rather than replace each other.
A cashier can void a sale only if:
Require reasons to void transaction is on company-wide, they click through the confirmation modal at the register.Same pattern for other gated actions — price overrides, below-cost sales, refunds, tax changes. The staff permission answers "is this person allowed to do it?" and the POS security toggle answers "what friction do we put in front of it?" An admin gets the permission checked on their staff record; a cashier doesn't. POS security doesn't override permissions — a cashier without the void permission can't void even when the toggle is off.
This is why most stores configure both layers together: set the toggle for the friction you want every cashier to see, then lock the permission for the staff who shouldn't have the action at all.