Why roles and permissions matter
Once more than one person uses your system, who can do what becomes a real question. Roles and permissions are how you answer it: rather than every user having full access, each is given the access their job needs. A cashier rings up sales and issues compliant invoices; a supervisor can also process refunds and pull reports; an owner or admin manages users, products and settings.
This matters for control and for reducing both errors and temptation. A cashier who cannot void or refund freely, or change prices, is less able to cause a costly mistake or a loss, while still doing their job. So the discipline is to match permissions to roles, give people what they need and no more, and keep sensitive functions with supervisors and owners. A system that supports roles makes this straightforward.
Getting the basics right once means compliance runs quietly in the background of your business.
How to set up roles and permissions
A practical path for a Kenyan business.
- 1
Define your roles
Decide your roles, typically cashier, supervisor and owner or admin, and what each should be able to do.
- 2
Map permissions to each role
Give cashiers sales and invoicing, supervisors refunds and reports, and owners or admins user and settings management.
- 3
Assign each user a role
Assign every user the role that fits their job, so they have the access they need and no more.
- 4
Review as the team changes
Update roles when people join, leave or change jobs, so access always matches the current team.
Common mistakes to avoid
Giving everyone admin access
Full access for all invites errors and losses. Give each user only the permissions their role needs.
Leaving sensitive functions open
Refunds, voids and price changes should sit with supervisors or owners, not every cashier.
Never reviewing access
When people change roles or leave, their access should change too. Review it regularly.
An owner tightens control
A shop owner in Mombasa had given every staff member full access, and unexplained refunds and price changes were eating into margin.
She set roles: cashiers could ring up sales and issue invoices, only supervisors could refund or change prices, and she kept admin to herself.
The unexplained losses stopped, staff still did their jobs smoothly, and control sat with the right people.
Trading without eTIMS-compliant tax invoices risks KRA penalties, blocked VAT input claims for your customers, and receipts a business buyer cannot expense.
Veira signs every sale to KRA eTIMS automatically, so each receipt is compliant the moment it prints, with no separate device to reconcile.
How Veira makes this simple
Veira is built for Kenyan businesses. It issues compliant KRA eTIMS invoices automatically on every sale, applies the right tax treatment per item, captures the buyer KRA PIN, keeps your records reconciled and ready for filing, and reconciles M-Pesa and Pochi payments to each sale.
It runs on a free handheld terminal or the phone you already own, keeps working offline, and runs from KES 2,999 a month with a free terminal and a 30-day money-back guarantee. See how Veira works, or book a free demo.
Frequently asked questions
What are eTIMS roles and permissions?
Why set permissions per role?
Who should have admin access?
Does Veira support roles and permissions?
Does Veira handle this for me?
Where do I confirm the current rules?
eTIMS roles and permissions is straightforward once you know the essentials, and with a compliant system like Veira the day-to-day part is handled for you. See how Veira works, or book a free demo. Always confirm current KRA rules and rates at kra.go.ke, as they can change.