Roles & permissions
Not all users have the same permissions. Te Lo Llevo applies the principle of least privilege: each person can do exactly what they need for their work, and nothing more. This page explains who is who and what they can do.
Permissions on Te Lo Llevo have two layers. The first is the persona: customer,
merchant, courier, cashier, Operations or business client โ each one accesses
their own application. The second layer, within a merchant's team, is the role
ladder OWNER, MANAGER and STAFF, which
determines what actions each team member can perform.
The two levels of identity
We need to distinguish between platform personas and roles within a merchant team. They are two different systems that coexist.
Platform personas
Every user belongs to a single "persona": customer, merchant, courier, cashier, Operations team or business client. The persona determines which application they can access and which functions they see.
Merchant team roles
Within a merchant, each team member has a role: OWNER,
MANAGER or STAFF. This role determines what they
can do in the merchant app and in the POS.
| Persona | Main application | Has OWNER/MANAGER/STAFF role |
|---|---|---|
| Customer | The customer app | No โ has their own account system |
| Merchant (owner or team) | The merchant app + the POS | Yes โ OWNER, MANAGER or STAFF |
| Courier | The courier app | No โ own account management |
| Cashier | The POS | Yes โ normally STAFF; can be MANAGER |
| Operations team | The Operations console | No โ own super-admin access |
| Business client | The business dispatch workspace | No โ own business account access |
The merchant role ladder
The OWNER โ MANAGER โ STAFF ladder is
hierarchical: each level includes all the permissions of the level below plus its
own. The goal is that the person with the most authority in the business (the
owner) is the only one who can perform irreversible actions such as refunds or
voids.
| Role | Can read data | Can write / change | Can refund and void |
|---|---|---|---|
STAFF |
Yes | Limited | No |
MANAGER |
Yes | Yes | No |
OWNER |
Yes | Yes | Yes |
OWNER
This restriction is deliberate and has fiscal and fraud-control reasons. If a cashier or manager needs to issue a refund, they must ask the owner to do it from their own session. No configuration can relax this limit.
What each role can do in the POS
Below, with concrete examples, are the actions permitted at each role level in the day-to-day operation of the POS.
STAFF โ The shift employee
The STAFF role is the most common among cashiers. They can perform
all everyday selling actions without being able to access sensitive functions.
MANAGER โ The supervisor
The MANAGER role has all STAFF permissions plus access
to operational management functions: they can correct inventory, approve larger
discounts and open the till when needed outside of a sale.
OWNER โ The owner
The OWNER role has full access. They are the only one who can perform
financially sensitive actions: issue refunds, void sales, apply discounts or
complimentary charges of 100% and manage the full merchant profile configuration.
POS discounts by role
Discounts applied in the POS have a ceiling that depends on the role. A reason is mandatory in every case โ it is recorded in the audit trail.
| Role | Maximum discount | Reason required |
|---|---|---|
STAFF |
10% or โฌ10, whichever is lower | Yes |
MANAGER |
50% | Yes |
OWNER |
No limit (full complimentary charge) | Yes |
Onboarding & verification
Before a courier or merchant can operate on the platform, they must go through an onboarding process supervised by the Operations team. These processes ensure that only verified people and businesses access critical functions.
Courier onboarding
-
Application on the public website
The candidate fills in the courier application form on the Te Lo Llevo public website, providing their basic details and identity documents.
-
KYC review by Operations
The Operations team reviews the documents in the console (identity verification, KYC). They can approve or reject the application.
-
Verification badge
Once approved, the account receives the verification badge and the courier can start their shift in the app. Until approval, the account is on an "onboarding hold" and cannot accept tasks.
An active courier can be blocked if their cash-on-hand balance exceeds โฌ100 for more than 24 hours without settling. A blocked courier cannot accept new tasks until they settle their cash with the Operations team.
Merchant onboarding
-
Interest form
The interested merchant contacts Te Lo Llevo through the public website or directly with the commercial team.
-
Activation by Operations
The Operations team converts the contact into an active account from the console, sets up the basic profile and sends credentials to the merchant owner.
-
Owner completes setup
The merchant's
OWNERsigns in with their credentials, completes the profile (opening hours, images, catalogue) and adds team members with the appropriate roles.
Permission principles
The Te Lo Llevo permission system is governed by three principles that protect customers, merchants and the platform itself.
Each role has access only to what they need to do their job. A cashier does not need to see the owner's financial reports; a courier does not have access to the merchant's catalogue. Less access means less risk.
If a cashier needs to apply a discount beyond their role's cap, the solution is
not to bypass the system โ it is to ask a MANAGER or
OWNER to authorise it from their own session. The system never
silently allows a limit to be exceeded.
Every sensitive action โ refunds, voids, inventory adjustments, over-cap discounts, till opens without a sale โ is recorded in the audit trail with the date, time and user who performed it. This log is read-only: it cannot be edited or deleted.
Can a role be changed? Yes, the OWNER of a
merchant can change any team member's role at any time. But the change is
recorded in the audit trail. Downgrading a MANAGER to
STAFF does not reverse actions already taken; it only limits
future ones.