Setting up the "Seller" role: minimum access rights and security controls

Instructions for configuring the “Seller” role in Torgsoft. Describes the required restrictions for cash operations, work with the banking terminal, receipt printing, and participation in stocktaking in order to prevent abuse.

When seller rights should be reviewed

• Before allowing a new employee to work at the cash desk.

• After shortages, suspicious returns, or manual adjustments are detected.

• When implementing a financial responsibility policy.

• If sellers work with software pECR and banking terminals.

What signs indicate excessive seller rights

• There is no transparent accountability for cash desk revenue.

• Sellers remove items from receipts without explanation.

• Changing the sales date or manually entering discounts is possible.

• Cashless payments go through without an actual transaction on the terminal.

• Staff can see stock balances, purchase prices, or financial totals.

Why the seller role should be restricted

• Use of standard or excessive access rights.

• No separation of roles (seller = administrator).

• Unlimited access to cash desk settings, terminal settings, and reports.

How to configure the “Seller” role

Settings are configured in two places:

1. Settings → Role Settings
   (access to menus, forms, and buttons)

2. Settings → Parameters → Role / Access
   (logical restrictions and control checkboxes)

1. Cash desk and the “Sales” form

Configure the minimum set of actions:

• Seller identification

Enable login or sale confirmation using a badge / barcode.
This records revenue for each employee.

• Prohibition of deleting goods

Activate the parameter “The seller cannot delete goods in sales”.
▸ The “Cancel” and “Cancel All” buttons will be unavailable.
▸ An alternative is to allow deletion only with mandatory entry of a reason.

• Restrictions on stock balances

Enable “Only the owner can see negative and zero stock balances”.
If necessary, completely prohibit sales “into negative stock”.

• Prohibition of date changes

The “Seller” role must not have the right to change the sales date.

• Discount cards

Enable “Prohibit entering the discount card number from the keyboard”.
The discount is applied only when the card is physically scanned.

2. Work with the banking terminal

• Mandatory connection with the terminal

Disable the parameter “Allowed not to use connection with the banking terminal”.
The seller will not be able to process payment “manually”.

• Access to merchants

Prohibit access to merchant settings.
Only selecting the default settlement account is allowed.

• Closing the day (Z-report)

If necessary, the right to initiate closing the terminal shift from the program may be allowed.

3. Printing receipts and labels

• Receipt printing

Set the mode:

• “Mandatory for every sale” — the receipt is printed automatically
  or

• “At the buyer’s request” — the “Receipt” button in the payment window

• Reprinting a receipt

Reprinting may be allowed from the “Expense List” form.

• Labels and price tags

The seller may be allowed to print labels from the “Stock Status” form
(to replace damaged price tags).
Access to goods receipt posting is prohibited.

• Receipt for the storekeeper

If necessary, enable printing of a separate receipt with comments for the warehouse.

4. Financial control and stocktaking

• Cash balance control

Enable “Ask for the cash balance at the first login of the day”.
The seller enters the actual amount — discrepancies are recorded.

• Hiding totals

The seller must not see the expected amount when handing over revenue.

• Stocktaking

Activate “Restrict the stocktaking statement”:
▸ accounting quantity is hidden
▸ purchase prices are hidden
▸ only the actual balance is entered

How to check that the role is configured correctly

1. Log in to the program under the “Seller” role.

2. Try changing the sales date — the action must be prohibited.

3. Try deleting an item from the receipt — there must be blocking or a request for a reason.

4. Try opening financial reports or settings — access must be unavailable.

How to maintain secure access rights

• Regularly review the user action log.

• Do not give sellers administrator passwords.

• Check rights after each software update.