Manager Approval

When a staff member's permission for an action is set to Approval, they cannot complete the action alone. Instead, a manager or admin must enter their PIN to authorize it.

How It Works

  1. A staff member attempts a restricted action (e.g., applying a custom discount)
  2. A PIN prompt appears: "Manager approval required"
  3. A manager or admin enters their 4-digit PIN
  4. The system verifies:
    • The PIN belongs to a valid, active staff member
    • That staff member has Allow (not just Approval) for the same permission
    • The staff member's role is Manager or Admin
  5. If valid, an approval token is issued and the action proceeds
  6. If invalid, the action is denied

Approval Token Lifetime

Approval tokens are short-lived -- they expire after 5 minutes. This means:

  • The staff member must complete the approved action within 5 minutes
  • After expiry, a new approval is needed
  • Each token is for a single action -- it cannot be reused

Common Approval Scenarios

Action | Who Needs Approval
Applying custom discounts | Shift Lead (by default)
Processing refunds | Shift Lead (by default)
Stock adjustments | Shift Lead (by default)

These defaults can be changed using Custom Roles on the Pro plan.

Tip: If your shift leads frequently need approval for the same action, consider upgrading their permission from "Approval" to "Allow" using a custom role. This reduces interruptions for managers during busy periods.

Security

The manager approval system is designed to prevent unauthorized access:

  • The approving manager's PIN is validated against the database (bcrypt comparison)
  • The backend checks that the approver actually has the required permission at the "Allow" level
  • Approval events are logged for audit purposes
  • The approver does not need to be logged in to the same POS terminal -- they just need a valid PIN
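
The approver checks from "How It Works" and the token rules from "Approval Token Lifetime", as an added example that is not the product's own code. The `Staff` record, the `ApprovalService` class, the permission names and the lowercase level strings are assumptions; the PIN is assumed to have already been matched to a staff record (the bcrypt comparison is not shown), and custom roles are not modelled.

```python
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL_SECONDS = 5 * 60             # page: tokens expire after 5 minutes
APPROVER_ROLES = {"manager", "admin"}  # page: role must be Manager or Admin


@dataclass
class Staff:                           # hypothetical record shape
    name: str
    role: str
    active: bool
    permissions: dict                  # permission name -> "allow" | "approval"


class ApprovalService:
    def __init__(self, clock=time.time):
        self._clock = clock            # injectable so expiry can be tested
        self._tokens = {}              # token -> (permission, expires_at)

    def approve(self, approver, permission):
        """Issue a token only if the PIN-matched approver passes every check."""
        if approver is None or not approver.active:
            return None                # PIN matched nobody, or an inactive account
        if approver.role not in APPROVER_ROLES:
            return None
        if approver.permissions.get(permission) != "allow":
            return None                # "approval" level cannot approve for others
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (permission, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token, permission):
        """Accept a token once, for the approved permission, within the TTL."""
        # pop() removes the token on first presentation, so it cannot be reused,
        # even when this attempt fails the permission or expiry check below.
        entry = self._tokens.pop(token, None)
        if entry is None:
            return False
        approved_permission, expires_at = entry
        return approved_permission == permission and self._clock() < expires_at
```

Binding the token to the permission it was issued for means an approval obtained for a discount cannot be spent on a refund.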

Who Can Approve

Only staff with a Manager or Admin role (or a custom role with equivalent permissions) can approve actions. A shift lead cannot approve actions for another shift lead, even if they have the same permission at the "Approval" level.