Included in StarterPart of laundromat POS Philippines

Advanced Security

Adds stronger role controls, auditability, and safety rails for sensitive business actions.

Try it free →Book a demo

Why it matters

Protects tenant operations while improving accountability across staff and managers.

What it can do

Role-based access control

  • Custom role creation with granular privilege matrix — per-module, per-action permissions
  • System roles (Owner, Manager, Staff) are protected and non-deletable
  • Fail-closed RBAC — if a permission is not explicitly granted, access is denied by default
  • Runtime URL sanitization strips legacy query-param routing to prevent privilege escalation via URL manipulation
  • Branch-level access scoping — staff and managers cannot view data outside their assigned branch

Audit & accountability

  • Full audit event log via logAuditEvent callable — every sensitive action is timestamped and attributed
  • Void order audit: captures void reason, voiding staff identity, and timestamp
  • Biometric consent audit log for attendance override actions
  • HMAC-SHA256 PIN verification for sensitive attendance transitions
  • Firestore security rules enforce ABAC (Attribute-Based Access Control) at the database level — not just the UI

Compliance

  • Firestore offline persistence with fail-closed read restrictions when offline
  • Firebase Auth with Google Sign-In — no password reuse or weak credential risk
  • Firebase App Check enabled — blocks unauthorized API calls from non-app clients
  • Reauthentication modal required before sensitive owner actions in the control panel

Real-world scenarios

Preventing cashier overrides

Staff role has no void privilege. Only Manager+ can void an order, and every void is logged with reason and identity. Supervisors review the void log at shift end.

Branch manager can't see other branches

Firestore rules enforce branch-level scoping at the database — even if a manager's device sends a query for another branch's data, the database rejects it.

What you get

How it fits your workflow

  1. 1

    Before: Access permissions loosely managed

  2. 2

    With Advanced Security: Structured controls and logs

  3. 3

    After: Stronger governance and trust

Frequently asked questions

Are the access controls enforced at the database or just in the UI?
Both. Firestore security rules enforce ABAC at the database level — the UI restrictions are a second layer, not the only gate.
Can I create custom roles for a specific employee type?
Yes. The role editor lets you create any number of custom roles with a per-module, per-action privilege matrix. Custom roles count toward the plan-tier cap.

See how Advanced Security fits into the full laundromat POS Philippines platform.

Explore all features →

Explore other modules

POS PremiumInventory ControlMulti-BranchExpense TrackerAdvanced ReportingPayroll PackHR ModuleShift SchedulingLoyaltyOnline BookingIoT Smart PlugMachine Health MonitorStaff SeatsWash Formula RecipesAI Facial Recognition AttendanceBranded Receipt TemplatesAutomated Customer Email NotificationsSMS Order & Loyalty AlertsAI Staff Performance InstituteAI Brain Center