
Role-Based Access Control in Multi-Branch POS Systems

How staff locking, owner oversight, and permission layers protect your business when operating across multiple locations.

Key Takeaways

  • Branch-locking staff to their assigned location prevents accidental or intentional cross-branch interference.
  • The owner role should always have unrestricted access to all branches with the ability to filter by location.
  • PIN-based authentication at the device level adds a second layer of access control beyond login credentials.

The access control problem in multi-branch retail

In a single-location business, access control is simple: everyone who works there can see everything. Add a second location and you have a new problem. Should a cashier at Branch A be able to view Branch B's inventory? Should they be able to process a sale against Branch B's stock? In almost all cases, the answer is no. Uncontrolled cross-branch access creates confusion (wrong stock sold), security risks (unauthorised access to another location's data), and data quality issues (transactions tagged to the wrong branch).

The three-tier permission model

A well-structured multi-branch POS uses three permission tiers:

  • **Owner**: full access to all branches, all data, all settings. Can view consolidated reports, filter by branch, manage staff across locations, and configure the system.
  • **Cashier**: locked to their assigned branch. Can view that branch's product catalogue, process sales, and issue receipts. Cannot see other branches or change system settings.
  • **Inventory manager**: locked to their assigned branch. Can add products, adjust stock levels, and process restocks. Cannot process sales or access other branches.

This separation ensures everyone has exactly the access they need and nothing more.

How branch locking works

When a staff member is assigned to a branch, their user record stores a `location_id`. Every API request they make is automatically filtered by this location. When they view inventory, they only see products at their branch. When they process a sale, the transaction is tagged to their branch. When they restock, the stock change applies to their branch's inventory. This filtering happens at the server level — it is not a UI-level restriction that could be bypassed. Even if someone manipulated the frontend, the server would reject requests for data outside their assigned branch.
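The sketch below shows one way to enforce the three tiers and the branch lock on the server. It is an added example, not AskBiz POS code: the action names, the `User` record, the `resolve_branch` helper and the sample stock rows are all hypothetical. The point it demonstrates is that the branch is taken from the server-side user record, and a `location_id` sent by the client is only compared against it.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical action names mapped onto the three tiers described above.
ROLE_ACTIONS = {
    "owner": {"view_inventory", "process_sale", "adjust_stock", "view_reports", "manage_staff"},
    "cashier": {"view_inventory", "process_sale"},
    "inventory_manager": {"view_inventory", "adjust_stock"},
}

class Forbidden(Exception):
    """Raised when a request falls outside the caller's role or branch."""

@dataclass(frozen=True)
class User:
    user_id: str
    role: str
    location_id: Optional[str]  # None only for the owner (all branches)

def resolve_branch(user: User, action: str, requested_location: Optional[str]) -> Optional[str]:
    """Return the branch this request may act on, or raise Forbidden.

    The branch comes from the stored user record; a client-supplied
    location is checked against it and never trusted on its own.
    """
    if action not in ROLE_ACTIONS.get(user.role, set()):
        raise Forbidden(f"{user.role} may not {action}")
    if user.role == "owner":
        return requested_location  # None means "all branches"
    if user.location_id is None:
        raise Forbidden("staff account has no assigned branch")  # fail closed
    if requested_location not in (None, user.location_id):
        raise Forbidden("request targets another branch")
    return user.location_id

# Constructed sample stock rows: (location_id, sku, quantity)
STOCK = [("branch-a", "SKU-1", 12), ("branch-a", "SKU-2", 3), ("branch-b", "SKU-1", 40)]

def view_inventory(user: User, requested_location: Optional[str] = None):
    """List stock rows, filtered to the caller's branch on the server."""
    branch = resolve_branch(user, "view_inventory", requested_location)
    return [row for row in STOCK if branch is None or row[0] == branch]

def process_sale(user: User, sku: str, qty: int, requested_location: Optional[str] = None):
    """Record a sale tagged to the resolved branch, never to a client value."""
    branch = resolve_branch(user, "process_sale", requested_location)
    if branch is None:
        raise Forbidden("a sale must be tagged to one branch")
    return {"location_id": branch, "sku": sku, "qty": qty, "sold_by": user.user_id}
```

A staff account with no assigned branch is rejected rather than treated as unrestricted, so a missing `location_id` cannot silently grant owner-like visibility.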

PIN authentication as a second layer

Beyond login credentials (phone number or email with magic link), POS systems add a PIN layer for device-level authentication. When a cashier opens the till, they enter a 4-6 digit PIN. This serves two purposes: it confirms the person at the device is the authorised staff member (not someone who found a logged-in device), and it creates an audit trail — every shift and transaction is tied to a specific PIN entry. PINs should be unique per staff member and changed periodically.

Auditing and oversight

The owner's ability to see all branches is not just a convenience — it is a control mechanism. Regular cross-branch auditing catches issues early: cash variance at one branch, unusually high refund rates, inventory discrepancies between system and physical counts. The audit tab in AskBiz POS logs all amendments and refunds across all branches, giving the owner a single view of every exception event in the business.
