Skip to main content

User management (roles, invites, access)

This guide is for PeakPOS support staff managing merchant users in the Support Portal at https://support.peakpos.co.

Related pages: OrganizationsPage, OwnersPage, StoresPage, AdminDashboardPage, Access/IAM (org profile).

Merchants sign in at https://portal.peakpos.co.

Role model

Access is scoped at two levels:

  • Org-level roles: apply across the whole org, across all stores.
  • Store-level roles: apply only to selected stores.

Hierarchy (highest to lowest): org_admin > org_manager > store_admin > store_manager > stocker / cashier

Role summary:

RoleScopeUse for
org_adminOrgPrimary owner, full admin
org_managerOrgRegional ops, multi-store oversight
store_adminStore(s)Store IT lead, store admin tasks
store_managerStore(s)Day to day store operations
stockerStore(s)Inventory and stock workflows
cashierStore(s)Checkout workflows

Where to manage access

  1. Open Organizations (OrganizationsPage).
  2. Select the merchant org.
  3. Open Access or IAM on the org profile.

You should see current users, roles, pending invites, and actions to invite or remove access.

Inviting a user

  1. In Access/IAM, click Invite user.
  2. Enter the user's email.
  3. Choose the role.
  4. If it is store-level, select the store(s).
  5. Send the invite.

What happens next: user receives an email, accepts, sets up account, signs in at https://portal.peakpos.co.

Support checks:

  • Invite shows as pending.
  • After acceptance, user shows as active.

Choosing the right role

Use least privilege. Start lower and raise access later.

Quick picker:

  • Primary owner: org_admin
  • Ops lead across stores: org_manager
  • Single store IT lead: store_admin (scoped)
  • Store manager: store_manager (scoped)
  • Stock only: stocker (scoped)
  • Checkout only: cashier (scoped)

Common invite problems

Invite email not received:

  • Confirm spelling and no trailing spaces.
  • Resend invite if available.
  • Ask them to check spam and corporate quarantine.

Invite accepted, still cannot access:

  • Confirm they are signing in with the invited email.
  • Confirm store assignments (for store roles).
  • If they need cross-store access, move them to an org-level role.

Invite expired or stuck:

  • Cancel and re-invite if supported.
  • Otherwise create a new invite and escalate for cleanup.

Changing a user's role

  1. Open Access/IAM.
  2. Find the user.
  3. Edit role and store assignments.
  4. Save.

Safety rules:

  • Confirm requester is authorized.
  • Avoid removing the last org_admin unless explicitly approved.

Removing or deactivating users

Remove access (most cases):

  • Remove the user from the org in Access/IAM.
  • For store roles, remove store assignments if required.

Deactivate user (security cases, if supported):

  • Deactivate the user from the user detail view.

Notes:

  • Deactivation can impact the user's access to other orgs.
  • Prefer org-scoped removal unless there is a security requirement.

Audit and verification

After changes:

  • Re-open Access/IAM and confirm state.
  • If access still fails, ask for the exact sign-in email, then re-check invite status, role, and store assignments.