User Roles & Permissions

Configure team access with role-based permissions to control who can view, edit, and manage returns.

Last updated 31 December 2024

ReturnMate uses role-based access control (RBAC) to manage what team members can see and do. This guide covers setting up roles and permissions for your team.

Understanding Roles

Roles define a set of permissions that can be assigned to users. Each user has one role that determines their access level.

Default Roles

Role | Description | Typical Users
Owner | Full access to everything | Business owner
Admin | All features except billing | Store managers
Manager | Manage returns and team | Department leads
Agent | Process returns day-to-day | Support staff
Viewer | Read-only access | Stakeholders, auditors

Permission Categories

Permissions are grouped into categories:

Returns Management

Permission | Owner | Admin | Manager | Agent | Viewer
View RMAs
Create RMAs
Edit RMAs
Delete RMAs
Approve/Reject
Process Refunds
Override Rules

Shipping & Labels

Permission | Owner | Admin | Manager | Agent | Viewer
Generate Labels
Void Labels
View Costs
Carrier Settings

Warehouse Operations

Permission | Owner | Admin | Manager | Agent | Viewer
Mark Received
Perform Inspection
Manage Inventory
Warehouse Settings

Team Management

Permission | Owner | Admin | Manager | Agent | Viewer
View Team
Invite Users
Edit Users
Remove Users
Manage Roles

Settings & Configuration

Permission | Owner | Admin | Manager | Agent | Viewer
Return Rules
Email Templates
Portal Branding
Integrations
Automations

Billing & Account

Permission | Owner | Admin | Manager | Agent | Viewer
View Plan
Change Plan
Billing Details
View Invoices

Reports & Analytics

Permission | Owner | Admin | Manager | Agent | Viewer
View Reports
Export Data
Financial Reports

Inviting Team Members

Step 1: Navigate to Team Settings

Go to Settings → Team → Invite User

Step 2: Enter Details

Email: newuser@company.com
Role: Agent
Send invite email: Yes

Step 3: User Accepts Invite

The user receives an email with a link to:

  1. Create their account
  2. Set password
  3. Access ReturnMate

Creating Custom Roles

If default roles don't fit your needs, create custom roles:

Step 1: Create Role

Go to Settings → Team → Roles → Create Role

Role Name: "Quality Inspector"
Description: "Warehouse team - inspection only"
Base on: Agent (optional starting point)

Step 2: Configure Permissions

Enable/disable specific permissions:

Quality Inspector Permissions:

Returns Management:
  ✓ View RMAs
  ✓ Edit RMAs (inspection notes only)
  ✗ Approve/Reject
  ✗ Process Refunds

Warehouse Operations:
  ✓ Mark Received
  ✓ Perform Inspection
  ✗ Manage Inventory

Shipping:
  ✗ Generate Labels
  ✗ View Costs

Step 3: Assign to Users

Assign the custom role to team members:

  1. Go to Settings → Team
  2. Select user
  3. Change role to custom role
  4. Save

Store-Specific Access

For multi-store setups, limit users to specific stores:

User: warehouse-sydney@company.com
Role: Manager
Store Access:
  ✓ Sydney Store
  ✗ Melbourne Store
  ✗ Brisbane Store

This user only sees RMAs and data for Sydney Store.

Warehouse-Specific Access

Similarly, limit access to specific warehouses:

User: inspector@company.com
Role: Quality Inspector
Warehouse Access:
  ✓ Sydney Warehouse
  ✗ Melbourne Warehouse

Activity Logging

All user actions are logged for audit purposes:

Logged Data | Example
User | john@company.com
Action | Approved refund
Target | RMA-2024-001234
Timestamp | 2024-12-31 14:30:22
IP Address | 203.0.113.45
Details | Refund $89.00 to original payment

View logs at Settings → Team → Activity Log
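One way to review these records for anomalies, as an added example (not ReturnMate code): it flags a sensitive action from a source IP the user has not used before, and a burst of sensitive actions by one user in a short window. The list-of-records export shape, the sample rows other than the page's own, and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FIELDS = ("user", "action", "target", "timestamp", "ip", "details")
# Constructed rows in the field order the page lists. Only the second row is
# the page's own example; "Viewed RMA" is an assumed action name.
ROWS = [
    ("john@company.com", "Viewed RMA", "RMA-2024-001230", "2024-12-30 09:12:05", "203.0.113.45", ""),
    ("john@company.com", "Approved refund", "RMA-2024-001234", "2024-12-31 14:30:22", "203.0.113.45", "Refund $89.00 to original payment"),
    ("john@company.com", "Approved refund", "RMA-2024-001240", "2025-01-02 02:14:09", "198.51.100.7", "Refund $410.00 to original payment"),
    ("mia@company.com", "Approved refund", "RMA-2025-000011", "2025-01-02 10:00:00", "192.0.2.10", "Refund $55.00 to original payment"),
    ("mia@company.com", "Approved refund", "RMA-2025-000012", "2025-01-02 10:03:00", "192.0.2.10", "Refund $60.00 to original payment"),
    ("mia@company.com", "Approved refund", "RMA-2025-000013", "2025-01-02 10:06:00", "192.0.2.10", "Refund $75.00 to original payment"),
]
SAMPLE_LOG = [dict(zip(FIELDS, row)) for row in ROWS]
SENSITIVE = {"Approved refund"}  # extend with other high-impact action names

def find_anomalies(records, burst=3, window=timedelta(minutes=10)):
    """Return (reason, record) pairs for sensitive actions that merit review."""
    seen_ips = defaultdict(set)   # user -> source IPs already observed
    recent = defaultdict(list)    # user -> times of recent sensitive actions
    findings = []
    # The timestamp format sorts chronologically as plain text.
    for rec in sorted(records, key=lambda r: r["timestamp"]):
        ts = datetime.strptime(rec["timestamp"], "%Y-%m-%d %H:%M:%S")
        user, ip = rec["user"], rec["ip"]
        if rec["action"] in SENSITIVE:
            # Sensitive action from an address this user has not used before.
            if seen_ips[user] and ip not in seen_ips[user]:
                findings.append(("new-ip", rec))
            # Several sensitive actions by one user inside a short window.
            recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
            if len(recent[user]) >= burst:
                findings.append(("burst", rec))
        seen_ips[user].add(ip)
    return findings

if __name__ == "__main__":
    for reason, rec in find_anomalies(SAMPLE_LOG):
        print(reason, rec["user"], rec["target"], rec["timestamp"], rec["ip"])
```

A finding is a prompt for manual review of the RMA and the user's session, not proof of misuse; travel and VPN changes also produce new source addresses.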


Security Best Practices

Security Recommendations

Follow these practices to keep your account secure:

Principle of Least Privilege

  • Give users only the permissions they need
  • Start with restrictive roles, add permissions as needed
  • Regularly review and revoke unnecessary access

Account Security

  • Require strong passwords (enforced by default)
  • Enable two-factor authentication (2FA)
  • Remove access immediately when staff leave
  • Use unique accounts per person (no shared logins)

Regular Audits

  • Review user list quarterly
  • Check role assignments annually
  • Monitor activity logs for anomalies
  • Remove inactive users
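The audit items above can be run as a repeatable check over a team export. This is an added example, not ReturnMate code: the export field names, the 90-day inactivity threshold, the "Temp Helper" role and the reading of "admin-level" as Owner and Admin are assumptions.

```python
from datetime import date

DEFAULT_ROLES = {"Owner", "Admin", "Manager", "Agent", "Viewer"}  # from the page
ADMIN_LEVEL = {"Owner", "Admin"}   # assumption: what "admin-level" covers
INACTIVE_DAYS = 90                 # assumption: one quarter without a login

# Constructed team export; the field names are hypothetical.
TEAM = [
    {"email": "owner@company.com", "role": "Owner", "two_factor": True, "last_login": "2025-03-28"},
    {"email": "ops@company.com", "role": "Admin", "two_factor": False, "last_login": "2025-03-30"},
    {"email": "old.agent@company.com", "role": "Agent", "two_factor": False, "last_login": "2024-11-02"},
    {"email": "inspector@company.com", "role": "Quality Inspector", "two_factor": True, "last_login": "2025-03-29"},
]
# Custom roles mapped to their documented purpose (constructed).
CUSTOM_ROLES = {"Quality Inspector": "Warehouse team - inspection only", "Temp Helper": ""}

def review_access(team, custom_roles, today):
    """Return (subject, finding) pairs for the periodic access review."""
    today = date.fromisoformat(today)
    findings = []
    for u in team:
        idle = (today - date.fromisoformat(u["last_login"])).days
        if u["role"] in ADMIN_LEVEL and not u["two_factor"]:
            findings.append((u["email"], "admin-level role without 2FA"))
        if idle > INACTIVE_DAYS:
            findings.append((u["email"], f"no login for {idle} days"))
        if u["role"] not in DEFAULT_ROLES and u["role"] not in custom_roles:
            findings.append((u["email"], "role is not a known default or custom role"))
    for name, purpose in custom_roles.items():
        if not purpose.strip():
            findings.append((name, "custom role has no documented purpose"))
        if not any(u["role"] == name for u in team):
            findings.append((name, "custom role assigned to nobody"))
    return findings

if __name__ == "__main__":
    for subject, finding in review_access(TEAM, CUSTOM_ROLES, "2025-04-01"):
        print(f"{subject}: {finding}")
```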

Managing Users

Edit User

  1. Go to Settings → Team
  2. Click user row
  3. Update role, store access, or details
  4. Save changes

Deactivate User

Temporarily suspend access:

  1. Go to Settings → Team
  2. Click user row
  3. Toggle Active to off
  4. The user cannot log in, but the account is preserved

Remove User

Permanently remove access:

  1. Go to Settings → Team
  2. Click user row
  3. Click Remove User
  4. Confirm removal

Data Retention

Removed users' activity history is retained for audit purposes. Only the login access is revoked.

Single Sign-On (SSO)

Enterprise plans support SSO integration:

Provider | Status
Google Workspace | Supported
Microsoft Azure AD | Supported
Okta | Supported
Custom SAML | Contact support

SSO configuration is available at Settings → Security → Single Sign-On

API Access

For developer access via API:

  1. Create API key at Settings → Integrations → API
  2. Assign permissions to the API key
  3. API keys have their own permission set
  4. Revoke keys when no longer needed

See API Documentation for details.

Best Practices

  • Use default roles when possible for simplicity
  • Create custom roles only when necessary
  • Document custom role purposes
  • Review permissions when staff change roles
  • Enable 2FA for all admin-level users
  • Audit user access quarterly
  • Remove access immediately for departing staff