Permissions
Understand how permissions work in VasBox.
How Permissions Work
Understanding the permission system.
Permissions in VasBox are automatically assigned based on a user's role. You cannot customize individual permissions; they are predefined for each role.
- • Permissions tied to roles
- • Automatic assignment
- • Branch-level scoping
- • Immediate effect on change
- • UI elements hidden
- • Actions blocked server-side
- • Data filtered by access
- • All attempts logged
Permission Categories
Permissions organized by feature area.
Invoice Permissions
invoices.viewView invoices
invoices.createCreate invoices
invoices.editEdit drafts
invoices.finalizeFinalize invoices
invoices.cancelCancel invoices
Receipt Permissions
receipts.viewView receipts
receipts.createCreate receipts
receipts.fiscalizeSubmit to ZIMRA
Product & Customer Permissions
products.viewproducts.createproducts.editproducts.deletecustomers.viewcustomers.createcustomers.editcustomers.deleteFiscal & Report Permissions
fiscal-days.viewfiscal-days.managereports.viewreports.exportAdmin Permissions
users.viewusers.managesettings.managedevices.manageBranch Scoping
How permissions apply per branch.
Permissions are scoped to the branches a user is assigned to. This means a Manager at Branch A cannot see data from Branch B.
All branches automatically. Cannot be restricted.
One or more assigned branches. Can be "All Branches".
Single assigned branch only.
Example
Permission Denied
What happens when access is restricted.
UI Elements
Menu items, buttons, and features the user doesn't have access to are hidden from view.
Direct URL Access
Attempting to access a restricted URL directly shows an access denied message.
Action Attempts
Trying to perform a restricted action shows "You don't have permission to perform this action."
Audit Logging
All permission denied events are logged in the audit trail for security monitoring.