Security & User Authorization

Role-based access, menu/field restrictions, 2FA, IP/device controls, audit logs, GDPR/KVKK compliance, and export policies for secure operations.

In service businesses, security is as indispensable as speed. Customer data, payment information, and operational records can create financial and reputational risks if they fall into the wrong hands. Therefore, the system is designed with role-based authorization (RBAC), menu/field restrictions, audit trails, session & device security, export policies, and GDPR/KVKK compliance. The goal is to implement the “least privilege” principle, ensuring both productivity and security at the same time.

Role-Based Authorization (RBAC)

Users are assigned to roles, and each role has specific permissions. Example roles: cashier (add payment – view invoice), workshop (status change – tagging), courier (pickup/delivery – routing), manager (report – configuration), accounting (e-document – receivables). Permissions can be defined at the menu level (view/add/delete/export), record level (own branch / all branches), and field level (masking amounts, masking phone numbers).

Menu, Record and Field-Level Restrictions

  • Menu-based: e.g., “Reports” visible only to managers; “Download Payroll” available only to accounting.
  • Record-based: Users can view records only from their own branch; HQ can filter across all branches.
  • Field-based: Sensitive fields like amount/phone/email can be masked; temporary reveal requires a logged action.

Session, Device and IP Security

  • Session management: Timeout, single session per user, and remote logout for other devices.
  • Two-Factor Authentication (2FA): Optional extra security via SMS/Authenticator.
  • IP/device restriction: Allow only specific IP ranges; revoke device tokens when a mobile device is lost.
  • Password policy: Minimum length, complexity, periodic change, and blocked weak password list.

Audit Logs

The system logs critical actions with timestamp, user, and old–new values. Examples: “credit limit 10,000 → 12,500”, “invoice cancellation request”, “user X downloaded report”. Audit logs provide evidence for internal and external audits. Logs cannot be deleted; retention periods and access rights are configurable.

Export and Sharing Policies

  • Excel/PDF control: “Download report” permission is role-based; exported files can include timestamp/watermark.
  • Confidentiality labels: Labels like “Internal Use / Confidential” are automatically added to PDF headers/footers.
  • Sharing limits: Links can be single-use and time-limited; view-only vs download permissions can be separated.

Data Protection: Encryption and Masking

  • Communication security: All traffic is encrypted with TLS; session tokens stored in secure cookies.
  • Storage: Sensitive data (e.g., tokens/keys) kept in a secure vault; passwords hashed one-way.
  • Masking: Fields like phone, tax ID, or amounts are masked; full view requires special permission.

GDPR/KVKK Compliance

Following the principle of data minimization, only necessary fields are collected. Privacy notices, retention periods, and deletion/anonymization policies are defined. Customers manage their communication consents (opt-in) and preferred channels (SMS/WhatsApp/email) in their profile. “Data subject requests” (access/correction/deletion) are logged and tracked.

Multi-Branch and Segmented Access

In multi-branch scenarios, data visibility is managed by role–branch mapping. Users may be restricted to “own branch only” or “regional branches”. HQ users can view all branches, but export/download rights are still role-based.

Business Continuity and Backup

Configuration and data backups are taken periodically, with regular restore tests. Critical reports can be securely archived via email/SFTP. In case of outages, offline queue scenarios (field forms) prevent data loss.

Onboarding / Offboarding Checklist

  1. Onboarding: Assign role and branch permissions, enable 2FA, communicate the password policy, provide privacy training.
  2. Offboarding: Terminate sessions, revoke device tokens, reset passwords, archive access logs.

Monitoring and Anomaly Alerts

The system alerts on suspicious patterns such as failed login attempts, unusual download volume, or rapid multiple record changes. Re-authentication may be required when an IP address changes.

Best Practices

  • Least privilege: Give each user only the minimum set of permissions needed for their job.
  • Two-eye principle: Apply dual approval for critical actions like invoice cancellation or credit limit increase.
  • Watermarked reports: Use watermark templates for users with export permissions.
  • Training: Provide short, repeated training on data sharing and security awareness.

FAQ

Is 2FA mandatory? Optional, but strongly recommended for high-risk roles.

Who can unmask phone/amount fields? Only authorized users; all unmask actions are logged.

Is there a limit on Excel/PDF downloads? Yes, quotas and time-limited links can be enforced by policy.

Can a branch employee view another branch? Depends on permissions; by default access is limited to their own branch.

Free 15-Day Trial!

Create a free demo account with Aktif Müşteri POS Software and try it for 15 days without any fees!