Permission matrix
Tick a box to grant. Changes persist on this device and are written to the audit log.
| Permission | 👑Owner / Admin | 🧭Manager | 💵Cashier | 📦Warehouse | 🧾Accountant |
|---|---|---|---|---|---|
| View | |||||
| Create | |||||
| Edit | |||||
| Delete | |||||
| Approve | |||||
| Export | |||||
| Send | |||||
| Refund | |||||
| Adjust Stock | |||||
| Change Prices | |||||
| View Costs | |||||
| View Profit | |||||
| Manage Users | |||||
| Manage Settings |
Cashier sees prices, never cost or profit. “View Costs” and “View Profit” are unchecked — on POS a cashier sees the selling price and nothing about margin. That is the whole point of the matrix.
Warehouse adjusts stock, touches no accounting. “Adjust Stock” is granted; every money permission is not. Counts and transfers, yes — journals and prices, never.
Everything, everywhere.
1 userApproves, prices, sees profit. No user management.
2 usersSells at set prices. Sees selling prices — never cost or profit.
5 usersMoves and counts stock. No accounting, no prices.
3 usersBooks, taxes and statements. Cannot change prices or stock.
1 userUsers
| User | Role | Branch | Last seen | 2FA | |
|---|---|---|---|---|---|
AMAiman Mohamed | 👑 Owner / Admin | Malé HQ | 2 min ago | On | |
FSFathimath Sana | 🧭 Manager | Malé HQ | 1h ago | On | |
IRIbrahim Riyaz | 🧭 Manager | Addu Branch | yesterday | Off | |
MNMariyam Nasha | 💵 Cashier | Hulhumalé Outlet | 20 min ago | On | |
ASAli Shiman | 📦 Warehouse | Malé HQ | 3h ago | Off | |
HZHawwa Zeena | 🧾 Accountant | Malé HQ | today 09:12 | On |
The security design supports SAML 2.0 and Google Workspace SSO with IdP-initiated login and just-in-time user provisioning mapped to roles. It ships with the enterprise backend phase — until then, email + password + TOTP 2FA is the login path.
Login history
Every attempt is recorded — device, IP and location. Three failed tries lock the account for 15 minutes and alert the Owner.
| User | When | Device | IP | Location | Result |
|---|---|---|---|---|---|
| Aiman Mohamed | Today 08:58 | Chrome · Windows 11 | 203.99.132.41 | Malé, MV | Success |
| Mariyam Nasha | Today 08:40 | Safari · iPhone 15 | 203.99.140.7 | Hulhumalé, MV | Success |
| Hawwa Zeena | Today 09:12 | Edge · Windows 10 | 203.99.132.41 | Malé, MV | Success |
| Unknown (aiman@…) | Today 03:17 | curl/8.4 | 45.148.10.88 | Unknown (NL) | Failed ×3 |
| Ali Shiman | Yesterday 14:02 | Chrome · Android 14 | 203.99.135.19 | Malé, MV | Success |
| Ibrahim Riyaz | Yesterday 09:30 | Chrome · Windows 11 | 119.31.72.204 | Addu City, MV | 2FA challenged → success |
The 03:17 attempt from an unknown Dutch IP was blocked after 3 failures and the account owner was alerted — this is the anomaly monitoring doing its job.
Active sessions
| User | Device | IP | Started | |
|---|---|---|---|---|
| Aiman Mohamed this session | Chrome · Windows 11 | 203.99.132.41 | Today 08:58 | |
| Mariyam Nasha | Safari · iPhone 15 (PWA) | 203.99.140.7 | Today 08:40 | |
| Hawwa Zeena | Edge · Windows 10 | 203.99.132.41 | Today 09:12 | |
| Ali Shiman | Chrome · Android 14 | 203.99.135.19 | Yesterday 14:02 |
Audit log
Append-only. Entries can never be edited or deleted — not by Admin, not by anyone. Filters only change what you see.
| When | User | Action | Entity | Detail |
|---|---|---|---|---|
| Today 09:31 | Fathimath Sana | Approve | PR-0142 | Purchase Request approved — Detergent 5L ×60 (CTH Lanka) |
| Today 09:12 | Hawwa Zeena | Export | Journals Jun | QuickBooks export, 214 journal lines |
| Today 08:41 | Mariyam Nasha | Refund blocked | POS | Refund above cashier limit (MVR 890) — escalated to manager |
| Yesterday 17:20 | Aiman Mohamed | Price change | p9 Canned Tuna | Retail 520 → 545 approved (queued by pricing rule) |
| Yesterday 16:05 | Ali Shiman | Stock adjust | wh1 / p11 | −2 bottles, reason: damaged (leaked) — photo attached |
| Yesterday 12:44 | system | Automation | au2 | Overdue reminder sent — INV-2026-0298, Bloom & Petal |
| Jul 15, 09:12 | Mariyam Nasha | Price override blocked | POS / p10 | Attempted MVR 118 below tier price — required approval |
| Jul 14, 23:10 | system | Backup | nightly | Encrypted snapshot 412 MB → Google Drive — verified |
Retention: permanent. Blocked actions (like the cashier’s price override) are logged with the same weight as successful ones.
Automated backups
Nightly 03:00 → encrypted snapshot to Google Drive. Retention: 30 daily, 12 monthly. Each snapshot is restore-tested automatically.
| Snapshot | Size | Status | |
|---|---|---|---|
| Today 03:00 | 414 MB | Verified | |
| Yesterday 03:00 | 412 MB | Verified | |
| Jul 15, 03:00 | 409 MB | Verified | |
| Jul 14, 03:00 | 408 MB | Verified | |
| Jul 13, 03:00 | 405 MB | Verified | |
| Jun 30, 03:00 | 398 MB | Monthly — retained 12 mo |
Disaster recovery
RPO 24h · RTO 4hCommitment: at most 24 hours of data at risk (nightly snapshot + journal replay usually brings this to minutes), and the system back within 4 hours of declaring an incident.
- Declare the incident and freeze writes (read-only mode keeps POS quoting).
- Provision the standby environment from infrastructure templates (~30 min).
- Restore the latest verified snapshot; replay the transaction journal since 03:00.
- Run the integrity checklist: trial balance, stock totals, document sequences.
- Switch DNS, notify staff, take the system out of read-only.
- Post-incident: root-cause review filed to the audit log within 72 h.
Encryption & monitoring — the security design
At rest: AES-256 on the database and every backup snapshot, keys held in a managed KMS and rotated yearly. Nothing sensitive lives in browser storage beyond this demo’s UI state.
In transit: TLS 1.3 everywhere — app, API, webhooks (HMAC-signed payloads), portal logins. No plaintext fallback.
Monitoring: anomaly alerts on failed-login bursts, bulk exports, price-override spikes and after-hours admin actions — each alert lands in the audit log and the Owner’s inbox.
Honest note: this page describes what a production deployment of Stock Master does. The demo you are viewing is a static site — it stores UI state locally and transmits nothing.