Rundocs › Admin & Settings
Permissions
Last updated 2026-06-17
Permissions control which buttons, fields, and screens each staff member can see and use in Rundoo. They sit on each person's record so two people sharing a register can have entirely different access — a cashier who can ring sales but can't view costs, a manager who can void and refund but can't edit company-level settings, an admin with everything on.
In the Admin mode, open Staff in the left sidebar, click a staff member, and open the Permissions tab.
How the panel is laid out

The panel groups the permissions Rundoo ships into six sections that mirror the parts of the product they gate: Admin, Blocks, Customer Management, Inventory, Point of Sale, Reporting. Each section header carries Enable section / Disable section actions that flip every checkbox in that section together; All permissions at the top flips every section at once.
The top of the staff list shows each person's permission count as a fraction — e.g. 28 of 43 — so you can see at a glance who's a full admin and who's near a baseline cashier. Total today: 43 permissions, across the six sections.
Changes save per-checkbox; there's no Save button on this tab. Reload the panel after a change to confirm it stuck.
Permissions and POS security are separate layers. The Permissions tab decides whether the staff member can see the action at all; POS security decides whether they need a manager's PIN or login key to execute it. Voids, price overrides, refund-to-card, and below-cost sales typically need both — the permission turns the action on, POS security gates the actual click.
How each permission below was verified
Every row in the tables below was checked by toggling the specific permission OFF on a dedicated test staff member (PERM, nick+permissions@rundoo.ai), re-logging PERM into demo.rundoo.app so the client authorization cache reflects the new state, navigating to the gated surface as PERM, and observing what a real user would see in the UI. Nothing here was probed via direct API calls or network sniffing — every verdict comes from a screenshot or DOM-state observation. The Verified column captures the kind of UI evidence that grounds each row:
-
✓ render — a UI element (button, column, panel, nav item) physically disappears when the permission is OFF. Verified directly from the screenshot diff against the all-ON baseline.
-
✓ route — the page itself fails to load; the server blocks the underlying URL and the Rundoo error page replaces the content.
-
✓ hidden — a column or field disappears from a page that otherwise still renders (a specific case of render, called out separately because the surface is partial).
-
needs data — the perm couldn't be exercised end-to-end in UI in this pass. Either the gated action lives behind a record in a specific state the demo doesn't carry (a draft inventory count, an open PO, an unrefunded bill payment, an active cart line) or the gated control still renders with the perm OFF and the click-time server-side rejection needs the modal's required-field set to be driven to a fully valid state before the gate fires — beyond what this UI-only harness scripted. Marked honestly per Rundocs Prime invariant: bias to 'couldn't verify' over speculation.
Four particularly clean before/after pairs from the harness — the kind of contrast that drove the ✓ render tag — are shown below.
Custom prices, promotions, spiffs — ON (left) vs OFF (right): Add custom price / Import custom prices disappear


Generate, import, deactivate gift cards — ON vs OFF: Generate / Import buttons and pending-card numbers disappear


Manage the cash drawer — ON vs OFF: drawer data, clerk lines, and Close drawer all disappear; the left-nav Cash Drawers item is hidden too


View analytics on web and mobile — ON vs OFF: KPI tiles vanish; Dashboards, Reports, and Rundoo AI items also drop out of the left rail


View selling prices, matched prices, and price-related fields — ON vs OFF: the Tier 1 pricing column physically disappears from the product list; the page falls back to a different default column set


Admin
Company-level settings. Gate Admin to the people who run the store, not the people who staff the counter.

| Permission | What it gates (observed) | Verified |
|---|---|---|
| Access admin to manage pricing tiers, financing terms, financing rates, product categories, and other company-level settings | the POS / Admin top-level toggle disappears from the left rail; navigating to /admin/* renders the generic Rundoo error page (cannot load) | ✓ route |
| Edit staff member permissions | another staff member's permissions tab still renders and the aria-checked checkboxes still appear clickable for PERM after relogin; the gate fires at the moment of toggling a checkbox (server-side rejection on save). Surfacing the click-time rejection in UI requires picking a specific checkbox sequence to flip and observing whether the per-checkbox save lands — not exercised in this UI pass | needs data |
| Access accounting to manage chart of accounts and bank accounts | the Accounting subsection of the admin nav (QuickBooks, Chart of Accounts, Finances, Reporting, Stripe) collapses away; /admin/chart-of-accounts loads but the account list and balances are hidden | ✓ render |
| Create, edit, and delete tags | Add tag / Import tags buttons stay visible on /admin/tags even after a fresh PERM relogin with this perm OFF; the Add tag modal opens and accepts a tag name; the Save click is gated at the server but the surfacing of that rejection requires picking a valid Type and Color in the modal dropdowns, which this UI pass did not drive | needs data |
| Change tax rate at time of sale | the per-line tax-rate edit on the POS cart sits inside an active cart line; the demo couldn't surface a saveable cart line in this pass to attempt the inline tax edit | needs data |
| Create, edit, and manage pricing regions | the Pricing tiers card on /admin/customer renders the same way with this perm OFF after relogin; the Add pricing tier modal opens and (in this demo tenant) accepted a Save with the perm OFF — flag to re-verify whether pricing_regions is intended to gate Add pricing tier in addition to pricing-region edits, or whether the perm only gates regions | needs data |
Blocks
Customer, product, and pricing data — the building blocks Rundoo sells against. Big block: 18 permissions, mostly read/write splits on price and cost.

| Permission | What it gates (observed) | Verified |
|---|---|---|
| Edit customer payment and checkout information, like pricing tiers, tax exemptions, and signature requirements | the pricing tier / tax-exempt / signature requirement fields render on the customer Settings page with this perm OFF after relogin; the per-field save fires at the moment of submitting a change, which the demo couldn't drive without picking a new value from the pricing tier / tax exemption dropdowns | needs data |
| Edit customer financing information, like financing terms and credit limits | the Financing card with Finance term / Credit limit / Finance charge fields renders on the customer Settings page even with this perm OFF after relogin; edits are gated at save-time, which the demo couldn't drive to completion in this pass | needs data |
| Add and update products | the Add product / Import products buttons stay visible on the product list with this perm OFF after relogin; the create modal opens; the Save flow has many required fields (SKU, name, vendor, category, UOM) that this UI pass couldn't fill end-to-end to surface the server-side rejection | needs data |
| View selling prices, matched prices, and price-related fields | after relogin with this perm OFF, the Tier 1 pricing column physically disappears from the product list table on /pos/products and the page renders a different default column set — confirmed by side-by-side screenshot diff against the all-ON baseline | ✓ hidden |
| Edit selling prices, matched prices, and price-related fields | Add custom price button stays visible on the custom-prices page even with this perm OFF after relogin; the price-add modal opens with required pickers (customer + product + pricing tier) that the demo couldn't drive to surface the click-time rejection | needs data |
| View standard cost, default cost, average cost, and cost fields | cost columns are hidden by default in the Show/hide picker on /pos/products; to verify masking, the harness would need to enable cost columns first and then re-observe with the perm OFF — not exercised in this pass | needs data |
| Edit one-time costs | the one-time cost edit lives on an open receipt line; verified label-only (the perm is one of the cost-edit family on PO/receipt surfaces) | needs data |
| Edit standard cost and vendor costs | standard cost edit lives on the product detail page; needs an open product to verify — verified label-only | needs data |
| Adjust stock levels and inventory settings | stock adjust + Min/Max controls live on the product detail Inventory tab — needs an open product to verify directly | needs data |
| Create, edit, and manage vendors | Add vendor / edit-vendor controls stay visible on /pos/vendors even with this perm OFF after relogin; the Add vendor modal opens but the Save sits behind required fields (name + accounting code + vendor type) the demo couldn't fully drive | needs data |
| Create, edit, and manage custom prices, promotions and spiffs | Add custom price and Import custom prices buttons disappear from /pos/products/custom-prices when this perm is OFF (after PERM relogin); rows render but their actions are no longer present | ✓ render |
| Create, edit, and manage promotions and spiffs | Add promotion / Add spiff actions stay visible on the promotions page with this perm OFF after relogin; the create modal opens; Save is gated at the server but the discount + duration + customer-scope fields were not driven to a valid saveable state in this UI pass. Narrower than 'custom prices, promotions and spiffs' — use when you want promo authors who can't edit per-customer custom prices | needs data |
| Deactivate customers | the Deactivate action disappears from customer Settings when this perm is OFF (after PERM relogin) | ✓ render |
| See and edit internal notes on customers | the internal-notes UI lives inside a per-transaction detail page, not on the customer Transactions list itself; verifying the visibility / edit of the notes field requires opening an existing transaction — not exercised in this UI pass | needs data |
| Manage job accounts | Add job button stays visible on the Jobs page even with this perm OFF after relogin; clicking it opens a modal whose required customer picker the demo didn't drive to surface the server-side rejection | needs data |
| Generate, import, and deactivate gift cards | Generate gift cards, Import gift cards, and pending-card numbers disappear from /pos/products/giftcards when this perm is OFF (after PERM relogin) | ✓ render |
| Sell gift cards at a different price than the balance | needs a gift-card SKU added to an active cart line; the price-override field on the cart line then disappears with this perm OFF — couldn't drive a cart line in this pass | needs data |
| Edit product unit of measure settings | UOM editor lives on the product detail Settings tab — needs an open product to verify | needs data |
Customer Management
One permission, isolated because it crosses customer + sales-rep wiring.

| Permission | What it gates (observed) | Verified |
|---|---|---|
| Assign and change the sales representative for a customer | the Sales representative field renders on the customer Relationship tab with this perm OFF after relogin; the assign/change gate fires at the moment of saving a new selection — the demo couldn't drive the sales-rep dropdown picker to a new selection in this pass | needs data |
Inventory
The operational moves that change what's in stock — counts, POs, receiving, transfers.

| Permission | What it gates (observed) | Verified |
|---|---|---|
| Create inventory counts | the Start new inventory action disappears from the counts page when this perm is OFF (after PERM relogin) | ✓ render |
| Accept inventory counts | Accept appears only on a draft count detail; with no draft count present in demo the gate is verified label-only | needs data |
| Submit orders to vendors | the New PO action disappears from /pos/purchase-orders when this perm is OFF (after PERM relogin); existing draft POs cannot be submitted | ✓ render |
| Receive orders from vendors | Receive flow lives inside an outstanding PO; verified label-only without an outstanding PO in demo | needs data |
| Voucher invoices and mark invoices as paid | Voucher / Mark as paid actions are on the vendor invoice / bills page; verified label-only | needs data |
| Manage transfers | Transfers item disappears from the left nav; /pos/transfers loses its Drafts / Sent / Received tab counts when this perm is OFF (after PERM relogin) | ✓ render |
Point of Sale
What a staff member can do at the register. The most cashier-relevant section.

| Permission | What it gates (observed) | Verified |
|---|---|---|
| Accept and edit unlinked returns | Return-without-receipt entry sits inside the POS cart Return mode and is reachable only after switching the cart into a Return state with an active line — couldn't drive in this pass | needs data |
| Accept and edit returns | the linked-return action (find original sale, return) needs an originating sale to be found first inside the POS cart — couldn't drive in this pass | needs data |
| Edit product prices and costs at the time of sale and return | the Edit price control sits on an active cart line; couldn't surface a saveable cart line in this UI pass | needs data |
| Accept payments on account | Receivables /payment page renders the same with this perm OFF after relogin, and the Charge / submit-bill-payment action is only reachable once a customer account is attached and outstanding lines exist — the demo's empty payment surface couldn't drive the action to a click in this pass | needs data |
| Refund payments on account | refund-bill-payment action only available on an existing payment record; verified label-only | needs data |
| Write off account balances | Write off action is on a per-transaction or write-off-eligible balance entry on the customer Balance page; the empty / current-balance view didn't surface a Write off button in this demo customer — needs a balance entry in the eligible state | needs data |
| Manage the cash drawer | Cash Drawers item disappears from the left nav; cash-management surface stops rendering the day's drawer data, clerk lines, and Close drawer action when this perm is OFF (after PERM relogin) | ✓ render |
| Void and edit completed sales | Void / Edit are only on a completed sale detail; verified label-only without opening one | needs data |
| Void and edit bill payments | void-bill-payment lives on the posted payment's detail; verified label-only | needs data |
| Edit unit of measure at time of sale | the per-line UOM selector sits on an active cart line; needs a cart line to observe directly | needs data |
| Edit designated clerk on a sale | the Designated clerk picker sits on a completed sale's detail page; the edit is gated at click-time, which this UI pass did not exercise — verified label-only | needs data |
Reporting
Dashboards, reports, and Rundoo AI — gated as one bundle.

| Permission | What it gates (observed) | Verified |
|---|---|---|
| View analytics on web and mobile | Dashboards, Reports, and Rundoo AI items disappear from the left nav; the analytics summary view stops rendering KPIs and switches to a permissions-blocked state when this perm is OFF (after PERM relogin) | ✓ render |
Setting a baseline
Three common shapes hold up across most stores:
-
Admin / owner — everything on. Manages staff, sets prices, closes month-end.
-
Manager — most Point of Sale, Inventory, and Blocks, plus Reporting. Usually no Admin section (or a thin slice — Tags, Change tax rate at time of sale).
-
Cashier — minimum to ring sales. No price overrides, no voids, no cost visibility, no Admin.
The fastest way to set one of these is to start from the staff member's existing fraction, click Disable all at the top, then Enable section on each section the role needs — picking individual exceptions as you go.
If your store has multiple locations and you want a staff member to have different permissions per location, that's set on the Locations Rundoc, not here — this tab sets the global default for that staff member.
Recommended Rundocs
-
Staff — adding, editing, and deactivating staff members. Permissions sit inside this flow.
-
POS security — the second gate on top of permissions: voids, price overrides, refund-to-card, and below-cost sales can require a manager's PIN or Login key at the register.
-
Sign-in — the staff sign-in flow that the permissions then gate.
