Platform
Team & permissions
ScanLedger's team model is designed for real-world small and medium businesses — clear roles, workspace switching for consultants, and custom permissions for larger teams.
Inviting team members
- Open Settings → Team.
- Click Invite Member.
- Enter email and choose a role.
- They receive an email with a secure invitation link (24-hour expiry).
Roles
| Role | Available on | What they can do |
|---|---|---|
| Owner | All plans | Full access. Manages billing, team, and workspace settings. One per workspace. |
| Admin | Enterprise | Manages team members and roles. Cannot change billing. |
| Manager | Enterprise | Oversees team activity, approves void requests, views reports. Limited team-management. |
| Staff | Pro, Enterprise | Daily operations: POS, scanning, inventory updates. No admin, no billing. |
| Custom | Enterprise | Bundle of fine-grained permissions you define. |
Custom roles (Enterprise)
Build your own role by toggling individual permissions. Common examples:
- Accountant — read-only access to sales, reconciliation, and expected payments. No inventory write.
- Warehouse staff — inventory read/write, no POS, no datasets.
- Auditor — read-only access to everything, including activity logs.
Token versioning and revocation
When a team member's role is downgraded or they are removed, their JWT is immediately invalidated through user.token_version bumping and a Redis-backed token blacklist. This means revocation is instant — they are booted out on their next request even if the old token has not expired.
Workspace switching
A single user can belong to multiple workspaces (for example, your own account plus a business you consult for). The workspace switcher in the sidebar changes context; all API calls carry an X-Workspace-Id header so the backend scopes data correctly.
Subscription downgrades and disabled members
If you downgrade from Enterprise (unlimited) to Pro (5 members), any excess members are disabled — not deleted. Their data stays, but they cannot sign in. When you upgrade again, disabled members are automatically restored.
The reason a member was disabled is tracked in disabled_reason (e.g. “Subscription downgrade”).
Activity tracking
Every significant action — document uploads, sales, inventory changes, role changes — is logged with actor and timestamp. Owners, Admins, and Managers can view the activity feed and filter by user or action type.
Plan access
| Plan | Team size |
|---|---|
| Free (trial) | 1 |
| Pro | 5 |
| Enterprise | Unlimited |