Skip to main content

Security & User Access Levels

Security & User Access Levels

FastBound in CloudFFL uses a role-based security system with three access levels. Each level controls what a user can see and do within the FastBound menus. Assigning the right level to each employee protects your compliance data and API credentials.

The Three Security Groups

GroupWho Should Have ItWhat They Can Do
FastBound User
fastbound_user		 Counter staff, sales associates
  • View compliance records (serial numbers, acquisitions, dispositions)
  • Read-only access to FastBound data — users cannot create or modify acquisitions, dispositions, or other compliance records
  • Run basic compliance reports
FastBound Manager
fastbound_manager		 Store managers, lead staff
  • Everything a User can do, plus:
  • Create and manage acquisitions and dispositions
  • Pull 4473 orders into POS
  • Import compliance products
  • Manage trade credits and customer credit transactions
  • View webhook history
FastBound Administrator
fastbound_admin		 Store owner, IT administrator
  • Everything a Manager can do, plus:
  • Configure FastBound API credentials (API Key, Account ID)
  • Manage webhook settings
  • Edit all FastBound configuration settings
  • Activate or deactivate FastBound accounts

How to Assign a Security Group to a User

  1. Navigate to Settings → Users & Companies → Users
  2. Select the user you want to update
  3. Scroll down to the FastBound section (or look for a FastBound tab)
  4. Choose the appropriate group: User, Manager, or Administrator
  5. Click Save

Important: API credentials (your FastBound API Key and Account ID) are only visible to users in the FastBound / Administrator group. Do not assign Administrator access to employees who do not need to manage the FastBound connection. If your API key is exposed or misused, your compliance data could be compromised.

Audit Trail

Key records and configuration changes are tracked with the user name and timestamp through Odoo's built-in tracking system. This means you can trace back who created an acquisition, who processed a disposition, or who changed a configuration setting. This audit trail is critical for:

  • Internal accountability — Know exactly who did what and when
  • ATF inspections — Demonstrate that your shop maintains proper controls
  • Error investigation — If a record is incorrect, you can identify who entered it and when

Tip: As a best practice, every employee who handles firearms should have their own Odoo login with the appropriate FastBound security group. Do not share login credentials between employees — shared accounts make it impossible to trace who did what.

Back to top