Overview
User Management in QBM controls who can sign in, which group they belong to, and how they are linked to operational information such as employee, POS counter, store, email, and location access.
Main purposeCreate and maintain user accounts
Security modelOne user belongs to one group
Password flowCreate, reset, then ask the user to change it
How User Management Works
QBM user management combines login identity, security assignment, operating location, and password control. A user record works best when all of these parts are set together.
| Layer | What It Controls |
|---|---|
| User record | The user's sign-in name, internal number, contact details, employee link, store, counter, and active or inactive status. |
| Security group | The permissions the user receives across QBM. Each user can belong to one group only. |
| User role flags | Special role-related controls such as Power user and the protected sa administrator account. |
| Location mode | Whether the user can work with all locations or only selected locations. |
| Offline controls | Whether the user can work offline and, where allowed, whether the user can also log in offline. |
| Password workflow | Whether the password is set at creation time, changed by the user, or reset by an authorized administrator. |
Important: A user can have the correct contact details and still have the wrong access if the group assignment is wrong. User details and group assignment should always be reviewed together.
User Types
In daily practice, QBM users usually fall into three levels.
| User Type | Meaning |
|---|---|
| User | A normal day-to-day user. What they can do depends mainly on the security group assigned to them. |
| Power user | A user with additional security-related authority. In QBM, the Power user option is intended for trusted users who may create, modify, or delete security and activity log related information. Use this only when truly needed. |
| Administrator | The protected administrator account is the special login sa. This account has the highest level of control, especially for sensitive security maintenance. It should be used carefully and protected with a strong password. |
Important: Do not use sa for routine daily work. Reserve it for controlled administration tasks.
Status And Internal Reference Names
End users usually see friendly labels such as Power user or Specific Locations. Support teams may sometimes see more technical names in code or troubleshooting notes. The table below connects those names to their business meaning.
| Internal Or Screen Name | Visible Meaning In QBM | What It Controls |
|---|---|---|
| sa / built-in administrator login | Administrator | The highest protected administrative level in QBM. This is the special administrator login and should be used carefully. |
| Power user / CanCreateUpdateSecurity | Power user | Allows trusted users to create, modify, or delete security-related setup and activity-log related information. |
| IsInactive | Inactive | Keeps the user record for history but removes it from normal active day-to-day use. |
| LocationsPermissionStatus.AllowedAllLocations | All Locations | The user can work with all permitted locations. |
| LocationsPermissionStatus.SpecificLoactions | Specific Locations | The user can work only with the checked locations in the list. |
| IsAllowOffline | Can work offline | Allows the user to use QBM in offline mode where that environment is supported. |
| IsAllowOfflineConnection | Can login offline | Allows the user to sign in while offline. This matters only when offline work is also allowed. |
| IsAllowToUseTodaysDateOnly | Can only view today's date | Restricts the user to the current date. |
| UserRoles.PowerUser | Signed-in user is treated as a power user | Used internally when QBM checks whether the current user can perform elevated security tasks such as password reset. |
| AccessRights | Screen access level | The User Details screen still follows the user's screen permission, such as no access, read-only, partial access, or full access. |
Support note: One internal status name is written as SpecificLoactions in code, but the visible option for clients is simply Specific Locations.
Users List
Tab Path: Security > Users List
The Users List shows existing users and the group currently assigned to each user.
| Action | What It Does |
|---|---|
| New | Creates a new user. |
| Open | Opens the selected user for review or update. |
| Delete | Deletes the selected user if you have delete permission. |
| Inactive | Shows or hides inactive users in the list. |
Typical list information: the Users List is designed to show key details such as login name, description, first name, last name, phone, email, and assigned group.
User Details
Tab Path: Security > Users List > Open User
The User Details screen contains identity, password, operational, and access-related information.
Main User Fields
| Field | Meaning |
|---|---|
| User ID / Name | The login name used to sign in to QBM. |
| Number | An additional internal user reference number. |
| Password | The current password or temporary starting password for the user. |
| Confirm Password | Must match the password when creating or changing a user's password. |
| Description | A short internal note describing the user's role or department. |
| Inactive | Stops the user from being treated as an active user while keeping the record. |
| Power user | Gives the user elevated security-related authority. This should be assigned only to trusted senior staff. |
Operational And Contact Fields
| Field | Meaning |
|---|---|
| Employee | Links the QBM login to an employee record. |
| Counter | Links the user to a POS counter when applicable. |
| Default Store | Sets the default location or store the user works with. |
| First Name / Last Name | Stores the user's personal details for display and reference. |
| Email 1 / Email 2 | Primary and secondary email addresses. |
| Phone | Direct contact number for the user. |
Offline And Date Controls
| Option | Meaning |
|---|---|
| Can work offline | Allows the user to work in an offline mode when that setup is supported. |
| Can login offline | Allows the user to sign in while offline when that setup is available. |
| Can only view today's date | Restricts the user to working only with the current date, which can help control backdating or forward-dating. |
Existing-user behavior: when you open an existing user, QBM uses the separate Reset Password action for controlled resets instead of relying on the main password boxes.
User ID rule: for existing users, only the special administrator account sa can change the login name. This helps protect identity consistency and audit history.
Power user assignment: the Power user checkbox is itself protected. It should be assigned only by the right administrator.
Group Membership
Tab Path: Security > Users List > Open User > Member Of
The Member of area controls which security group the user belongs to.
- Use Add... to assign the user to a group.
- Use Remove to clear the current assignment.
- QBM allows only one group per user. If you try to assign more than one, QBM will warn that only one group is allowed.
Location Permissions
Tab Path: Security > Users List > Open User > Location Permissions
The Location Permissions area controls which locations the user can work with.
| Option | Meaning |
|---|---|
| All Locations | The user can work with all locations. |
| Specific Locations | The user can work only with the locations selected in the list. |
Important: If you choose Specific Locations, make sure at least one location is selected before saving.
Default store rule: if you assign a default store and use Specific Locations, the default store should also be one of the permitted locations. QBM checks this during save.
Edition note: the Location Permissions area appears only when the related multi-location permission feature is available in the company edition.
Password Management
QBM supports both user password changes and administrative password resets.
Change Password
Tab Path: Security > Change Password
The Change Password screen contains Old Password, New Password, and Confirm New Password. Users should use this after receiving a temporary password.
- The user must know the current password first.
- The new password cannot be blank.
- The confirmation must exactly match the new password.
- QBM may block self-service password changes if that rule is disabled in the connection or company setup.
Reset Password
Tab Path: Security > Users List > Open User > Reset Password
The Reset Password button is available only when an existing user record is open. It is intended for controlled password resets by the right administrator.
- The special administrator account sa has the highest authority.
- Power users may also have access to reset passwords depending on their security role.
- When reset is opened from an existing user, the user ID is prefilled and locked so the reset is applied to the correct account.
- The new password cannot be blank and the confirmation must match.
- After a reset, the user should sign in and change the temporary password as soon as possible.
Connection rule: QBM can also be configured to allow or block users from changing their own passwords. If the system says password changes are not allowed, the user should consult the administrator.
Best Practice
- Create the user with a clear login name and assign the correct group immediately.
- Use a temporary password only for first access, then instruct the user to change it.
- Link the user to the correct employee, counter, and default store where applicable.
- Use inactive status instead of deleting a user when you need to keep history.
- Give Power user status only when there is a real business reason.
Security reminder: Because QBM uses one group per user, the group assignment is very important. If a user has the wrong group, they may see too much or too little in the system.