AZ Azerbaijan / AZN
MUPZA OperatorOwner accountMU
M
MUPZAOSRestaurant OS command
Owner/Admin Permission Visibility

Owner/Admin Permission Matrix

Safe local preview of which Restaurant SaaS roles can see example modules. This is read-only static evidence: it creates no runtime roles, grants no real permissions, adds no auth bypass and calls no real backend.

9Owner/admin matrix roles covered.
14Restaurant SaaS modules included.
24Masked or blocked sensitive module rules.
46Mutation-denied/read-only examples.

Role × module visibility matrix

owner14 visible/read-only modules · 0 hidden or blocked modules6 modules deny mutation in this preview.
Dashboard: VisibleRestaurant Profile: VisibleBranches: VisibleMenu/Catalog: VisibleOrders: VisiblePOS: VisiblePOS Approval Audit: Read-onlyStaff Roles: VisibleBilling/Subscription: Sensitive maskedTenant Domains: Sensitive maskedReports: VisibleAnalytics: VisibleSettings: VisibleAudit Logs: Read-only
admin14 visible/read-only modules · 0 hidden or blocked modules5 modules deny mutation in this preview.
Dashboard: VisibleRestaurant Profile: VisibleBranches: VisibleMenu/Catalog: VisibleOrders: VisiblePOS: VisiblePOS Approval Audit: VisibleStaff Roles: Mutation deniedBilling/Subscription: Sensitive maskedTenant Domains: Mutation deniedReports: VisibleAnalytics: VisibleSettings: Mutation deniedAudit Logs: Read-only
manager11 visible/read-only modules · 3 hidden or blocked modules8 modules deny mutation in this preview.
Dashboard: VisibleRestaurant Profile: Read-onlyBranches: Read-onlyMenu/Catalog: VisibleOrders: VisiblePOS: VisiblePOS Approval Audit: Read-onlyStaff Roles: Sensitive blockedBilling/Subscription: Sensitive blockedTenant Domains: Sensitive blockedReports: VisibleAnalytics: VisibleSettings: Mutation deniedAudit Logs: Read-only
cashier5 visible/read-only modules · 9 hidden or blocked modules12 modules deny mutation in this preview.
Dashboard: Read-onlyRestaurant Profile: HiddenBranches: HiddenMenu/Catalog: Read-onlyOrders: VisiblePOS: VisiblePOS Approval Audit: Mutation deniedStaff Roles: Sensitive blockedBilling/Subscription: Sensitive blockedTenant Domains: Sensitive blockedReports: HiddenAnalytics: HiddenSettings: HiddenAudit Logs: Hidden
waiter4 visible/read-only modules · 10 hidden or blocked modules13 modules deny mutation in this preview.
Dashboard: Read-onlyRestaurant Profile: HiddenBranches: HiddenMenu/Catalog: Read-onlyOrders: VisiblePOS: Mutation deniedPOS Approval Audit: HiddenStaff Roles: Sensitive blockedBilling/Subscription: Sensitive blockedTenant Domains: Sensitive blockedReports: HiddenAnalytics: HiddenSettings: HiddenAudit Logs: Hidden
kitchen3 visible/read-only modules · 11 hidden or blocked modules13 modules deny mutation in this preview.
Dashboard: Read-onlyRestaurant Profile: HiddenBranches: HiddenMenu/Catalog: Read-onlyOrders: VisiblePOS: HiddenPOS Approval Audit: HiddenStaff Roles: Sensitive blockedBilling/Subscription: Sensitive blockedTenant Domains: Sensitive blockedReports: HiddenAnalytics: HiddenSettings: HiddenAudit Logs: Hidden
courier2 visible/read-only modules · 12 hidden or blocked modules14 modules deny mutation in this preview.
Dashboard: Read-onlyRestaurant Profile: HiddenBranches: HiddenMenu/Catalog: HiddenOrders: Read-onlyPOS: HiddenPOS Approval Audit: HiddenStaff Roles: Sensitive blockedBilling/Subscription: Sensitive blockedTenant Domains: Sensitive blockedReports: HiddenAnalytics: HiddenSettings: HiddenAudit Logs: Hidden
accountant11 visible/read-only modules · 3 hidden or blocked modules13 modules deny mutation in this preview.
Dashboard: Read-onlyRestaurant Profile: Read-onlyBranches: Read-onlyMenu/Catalog: Read-onlyOrders: Read-onlyPOS: HiddenPOS Approval Audit: Read-onlyStaff Roles: Sensitive blockedBilling/Subscription: Sensitive maskedTenant Domains: Sensitive blockedReports: VisibleAnalytics: Read-onlySettings: Mutation deniedAudit Logs: Read-only
read-only10 visible/read-only modules · 4 hidden or blocked modules14 modules deny mutation in this preview.
Dashboard: Read-onlyRestaurant Profile: Read-onlyBranches: Read-onlyMenu/Catalog: Read-onlyOrders: Read-onlyPOS: HiddenPOS Approval Audit: Read-onlyStaff Roles: Sensitive blockedBilling/Subscription: Sensitive blockedTenant Domains: Sensitive blockedReports: Read-onlyAnalytics: Read-onlySettings: Mutation deniedAudit Logs: Read-only

Read-only, hidden and denied examples

ownerVisible: Dashboard, Restaurant Profile, Branches, Menu/Catalog, Orders, POS, POS Approval Audit, Staff Roles, Billing/Subscription, Tenant Domains, Reports, Analytics, Settings, Audit LogsHidden/blocked: noneRead-only: POS Approval Audit, Audit LogsMutation denied: POS Approval Audit, Staff Roles, Billing/Subscription, Tenant Domains, Settings, Audit Logs
preview
adminVisible: Dashboard, Restaurant Profile, Branches, Menu/Catalog, Orders, POS, POS Approval Audit, Staff Roles, Billing/Subscription, Tenant Domains, Reports, Analytics, Settings, Audit LogsHidden/blocked: noneRead-only: Audit LogsMutation denied: Staff Roles, Billing/Subscription, Tenant Domains, Settings, Audit Logs
preview
managerVisible: Dashboard, Restaurant Profile, Branches, Menu/Catalog, Orders, POS, POS Approval Audit, Reports, Analytics, Settings, Audit LogsHidden/blocked: Staff Roles, Billing/Subscription, Tenant DomainsRead-only: Restaurant Profile, Branches, POS Approval Audit, Audit LogsMutation denied: Restaurant Profile, Branches, POS Approval Audit, Settings, Audit Logs
preview
cashierVisible: Dashboard, Menu/Catalog, Orders, POS, POS Approval AuditHidden/blocked: Restaurant Profile, Branches, Staff Roles, Billing/Subscription, Tenant Domains, Reports, Analytics, Settings, Audit LogsRead-only: Dashboard, Menu/CatalogMutation denied: Dashboard, Menu/Catalog, POS Approval Audit
preview
waiterVisible: Dashboard, Menu/Catalog, Orders, POSHidden/blocked: Restaurant Profile, Branches, POS Approval Audit, Staff Roles, Billing/Subscription, Tenant Domains, Reports, Analytics, Settings, Audit LogsRead-only: Dashboard, Menu/CatalogMutation denied: Dashboard, Menu/Catalog, POS
preview
kitchenVisible: Dashboard, Menu/Catalog, OrdersHidden/blocked: Restaurant Profile, Branches, POS, POS Approval Audit, Staff Roles, Billing/Subscription, Tenant Domains, Reports, Analytics, Settings, Audit LogsRead-only: Dashboard, Menu/CatalogMutation denied: Dashboard, Menu/Catalog
preview
courierVisible: Dashboard, OrdersHidden/blocked: Restaurant Profile, Branches, Menu/Catalog, POS, POS Approval Audit, Staff Roles, Billing/Subscription, Tenant Domains, Reports, Analytics, Settings, Audit LogsRead-only: Dashboard, OrdersMutation denied: Dashboard, Orders
preview
accountantVisible: Dashboard, Restaurant Profile, Branches, Menu/Catalog, Orders, POS Approval Audit, Billing/Subscription, Reports, Analytics, Settings, Audit LogsHidden/blocked: POS, Staff Roles, Tenant DomainsRead-only: Dashboard, Restaurant Profile, Branches, Menu/Catalog, Orders, POS Approval Audit, Analytics, Audit LogsMutation denied: Dashboard, Restaurant Profile, Branches, Menu/Catalog, Orders, POS Approval Audit, Billing/Subscription, Analytics, Settings, Audit Logs
preview
read-onlyVisible: Dashboard, Restaurant Profile, Branches, Menu/Catalog, Orders, POS Approval Audit, Reports, Analytics, Settings, Audit LogsHidden/blocked: POS, Staff Roles, Billing/Subscription, Tenant DomainsRead-only: Dashboard, Restaurant Profile, Branches, Menu/Catalog, Orders, POS Approval Audit, Reports, Analytics, Audit LogsMutation denied: Dashboard, Restaurant Profile, Branches, Menu/Catalog, Orders, POS Approval Audit, Reports, Analytics, Settings, Audit Logs
preview

Sensitive module guardrails

Staff RolesSensitive module is masked for privileged review or blocked for non-privileged roles.
masked/blocked
Billing/SubscriptionSensitive module is masked for privileged review or blocked for non-privileged roles.
masked/blocked
Tenant DomainsSensitive module is masked for privileged review or blocked for non-privileged roles.
masked/blocked
SettingsSensitive module is masked for privileged review or blocked for non-privileged roles.
masked/blocked
Audit LogsSensitive module is masked for privileged review or blocked for non-privileged roles.
masked/blocked
No real permission grantsStatic local preview only.
true
No backend connectionMock API route returns local data.
true
No secrets or env filesNo values are read, written or exposed.
true