Docs / Operations
Staff and permissions
Owners, managers, cashiers, waiters, kitchen. Manager-gated sensitive actions.
halopos has five roles. Staff can have more than one role across different locations. Every role is location-scoped — staff at one venue don't see data from another.
| Role | What they can do |
|---|---|
| Owner | Everything. Billing, deletion, 2FA. |
| Manager | Menu, reports, staff, overrides. Can't change billing. |
| Cashier | Cashier surface only. Sensitive actions need a manager override. |
| Waiter | Mobile surface only. Read menu, write orders. |
| Kitchen | KDS only. Read orders, bump tickets. |
Sign-in
All staff sign in via Clerk. Owners may enable 2FA on their account.
2FA
The owner account has TOTP-based 2FA enabled by default. See ADR-012. Recovery codes are shown once at setup — screenshot them.