Signing in
Sign-in screen
After you launch the app (and complete the initial company and cloud setup), the sign-in screen appears with the heading "Sign in". Below the heading is the name of the assigned register (e.g. "Main register") — tap the register name to switch to a different register. Below that is the list of users shown as large buttons with the name and role. At the bottom is the "Exit app" link.
If the device does not yet have a register assigned (first launch after installation or after the device has been disconnected), the register selection appears first. Only after you select a register does the list of users for signing in appear.
Entering the PIN
After you select a user, a screen appears with their name at the top (e.g. "Tomáš Administrator") and a numpad (a keypad with the digits 1–9, 0). Below the numpad are two buttons:
- ← (back arrow) — return to user selection
- ⌫ (backspace) — delete the last character
Enter the PIN by tapping the number buttons. Asterisks (*) are shown instead of the digits, so the PIN is not visible. Once you enter the correct PIN, the system signs in automatically and goes to the main screen — no confirmation button is needed.
Locking the screen
If "Automatic lock after inactivity" is enabled in Settings > Company > Security, the system locks automatically after the configured interval elapses.
The locked screen displays a Locked dialog with a lock icon, the text "Select a user to unlock", and a list of users (buttons with names). After you tap a user, the PIN numpad appears for unlocking.
Switching users
On the main screen, there is a Switch button (arrows icon) in the bottom-right corner. Tapping it opens the Locked dialog, where you can select a different user. If "Require PIN when switching staff" is enabled in the settings, the new user must enter their PIN.
Signing out
The Sign out button (red, in the bottom-right corner of the main screen) signs out the current user and returns to the sign-in screen.
Security
Each user has their own PIN. The PIN is set by the administrator when creating a user in Settings > Company > Users. The system tracks who performed which action, so it is important that everyone uses their own account.
For managers and administrators
Roles and permissions system
Kasyro uses a system of four roles, each with a preset range of permissions:
| Role | Permissions | Description |
|---|---|---|
| Helper | 15 | Basic operation — taking orders, simple payments, no access to settings |
| Staff | 58 | Standard staff — payments by all methods, discounts within a limit, register operations, basic statistics |
| Manager | 90 | Shift supervisor — refunds, shift adjustments, advanced statistics, catalog and venue management |
| Administrator | 110 | Full access — managing users, modules, security, cloud, data imports/exports |
Roles serve as templates. After you assign a role to a user, you can further adjust their permissions — add or remove individual permissions. For a user modified this way, the list shows the suffix "(modified)" next to the role name.
Managing users
To manage users, go to Settings > Company > Users. To view the list you need the users.view permission, and to create and edit users the users.manage permission. Changing a role requires users.assign_roles, and editing individual permissions requires users.manage_permissions — by default only the Administrator role has both of these permissions.
When creating a new user, you enter the name, username, and PIN, and assign a role. The PIN is stored securely as a hash (PBKDF2) and is synced across all of the company's devices.
Resetting the PIN
If a user forgets their PIN, an administrator or a manager with the users.manage permission can set a new PIN in the user detail (Settings > Company > Users > tap a user). The original PIN cannot be displayed — only a new one can be set.
Protection against PIN guessing
The system includes progressive protection against repeated incorrect PIN entry:
| Failed attempts | Lockout |
|---|---|
| 1–3 | None (typo tolerance) |
| 4 | 5 seconds |
| 5 | 30 seconds |
| 6 | 5 minutes |
| 7+ | 60 minutes |
The lockout resets after a successful sign-in or after the app is restarted.
Automatic lock
In Settings > System > Security you can configure:
- Require PIN when switching staff — when enabled, switching to a different user requires them to enter their PIN
- Automatic lock after inactivity — options: Off, 1, 2, 5, 10, 15, or 30 minutes. After the inactivity period elapses, the register locks automatically and requires a PIN to unlock
These settings are available only to Administrators (the settings_company.security permission).
Last administrator protection
The system does not allow you to delete, deactivate, or remove the administrator role from the last administrator in the company. This protection works on three levels (UI, database, server), so it cannot be bypassed. There must always be at least one active administrator.