Invite staff & set roles
Invite team members by email and control what they can do with built-in or custom roles.
Retailos lets you bring your whole team in and make sure each person can only see and do what their job requires.
How to set it up
Inviting a staff member
- Go to
/app/staff. - Enter the team member's email address and send the invite.
- The invitee receives an email with a link. They click it and sign in using an email OTP — no password needed.
- Once they accept, they appear in your staff list and you can assign them a role.
Using built-in roles
Retailos includes five ready-made roles you can assign straight away:
| Role | Typical use |
|---|---|
| Owner | Full access — usually the business founder |
| Admin | Near-full access for senior operations staff |
| Manager | Day-to-day store and inventory management |
| Staff | General store operations |
| Cashier | Point-of-sale and basic order tasks |
Select the appropriate role for each member from their profile on /app/staff.
Creating a custom role
- Go to
/app/roles. - Create a new role and give it a name.
- Pick from the granular permission catalogue — there are 186 individual permissions covering every area of the platform.
- Save the role.
- Head back to
/app/staffand assign the new role to the relevant team members.
Good to know
- Server-side enforcement. Every action is permission-checked on the server, not just in the interface. A staff member cannot bypass their role by tweaking a URL or making a direct request.
- One role per member. Assign the role that best fits each person's responsibilities. If no built-in role is quite right, a custom role from
/app/rolesgives you precise control. - Invites are email-based. The invitee must have access to the email address you used. The sign-in flow uses OTP, so there is no separate password to set or share.
- Owner role is protected. The Owner role carries full platform access. Assign it only to the person who is ultimately responsible for the account.
Troubleshooting
The invitee says they never received the email. Ask them to check their spam or promotions folder. If it still isn't there, return to /app/staff and resend the invite.
A staff member is seeing "Access denied" on a page they should be able to use. Review the permissions attached to their role at /app/roles. If they are on a built-in role and need broader access, consider creating a custom role with the specific permissions they require.
You want to change a team member's role. Go to /app/staff, open that member's record, and update their assigned role. The change takes effect on their next action — there is no need for them to sign out and back in.