API Overview
Understand authentication, rate limits, and core resources in the LollipopWMS API.
Documentation
User Permissions Reference
Configure roles, privileges, and station access for every warehouse associate.
Permission model overview
LollipopWMS uses role-based access control (RBAC). Users are assigned to roles; roles define permissions. Permissions control: which modules are visible, which actions are allowed (view, create, edit, delete), and which data is accessible (warehouse, customer, location filters). A user can have multiple roles—permissions are cumulative. Start with default roles and customize as needed. The principle of least privilege applies: grant minimum permissions required for the job.
Default roles explained
**Admin**: Full access to all modules and settings. Reserved for system administrators. **Supervisor**: Access to operations, reports, and team management. Can approve adjustments and exceptions. **Receiver**: Access to receiving module, PO lookup, and label printing. Cannot modify inventory outside receiving. **Picker**: Access to pick tasks and location lookup. Cannot view order values or customer details. **Packer**: Access to packing station, order details, and label printing. **Shipping Clerk**: Access to shipment management and carrier functions. **Viewer**: Read-only access to reports and dashboards. No operational permissions.
Creating custom roles
Go to Settings > Users > Roles to create custom roles. Start by cloning an existing role that's close to your needs. Edit permissions by module: check/uncheck View, Create, Edit, Delete for each feature. Set data scope: All warehouses, Specific warehouses, or Own warehouse only. Add location restrictions if needed (e.g., only certain zones). Name roles clearly (e.g., 'Receiving Lead - Building A'). Document the purpose of custom roles for future reference. Review custom roles quarterly to ensure they remain appropriate.
User management
Add users from Settings > Users > User List. Required fields: Email (used for login), Name, Role(s), Assigned warehouse(s). Optional: Badge ID for quick clock-in, Phone for notifications. Users receive an email invitation to set their password. For SSO-enabled accounts, users authenticate via your identity provider. Disable users rather than deleting to preserve audit history. Immediately disable access when employees leave. Use unique accounts—never share login credentials.
Audit and compliance
All permission-controlled actions are logged with: User, Timestamp, Action, Before/after values. View audit logs from Reports > Audit Trail. Filter by user, action type, date range, or affected record. Audit data is retained for 7 years by default. Export audit logs for compliance reporting or investigations. Permission changes are logged separately in Settings > Audit > Permission Changes. Review permission audit quarterly for SOX, ISO, or customer compliance requirements.
Frequently asked questions
Can a user have multiple roles?
Yes. Assign multiple roles and the user receives all permissions from all roles. Use this for cross-trained employees who work multiple functions.
How do we handle temporary access?
Set an expiration date when assigning roles. Access automatically revokes on the expiration date. Use this for contractors or temporary workers.
Can we restrict access by shift?
Time-based restrictions aren't built-in, but you can disable/enable users for shift changes or use separate accounts per shift with different permissions.