v1.0.0 Stable

Companies

What This Option Does

Companies module manages all tenant businesses in the SaaS platform. Admin can create, update, and control operational access status.

How Admin Uses This

  1. Open Companies list and use search/filter to find target records.
  2. Create a company with required profile data.
  3. Edit company details when business information changes.
  4. Update status (active/inactive/suspended) and verify user access impact.

Company Management Workflow

Create Company

  1. Click Add Company from the Companies list.
  2. Enter company identity details such as company name, owner/admin name, email, phone, address, and business information.
  3. Select the initial status. Use active only when the company should be able to log in and use the system immediately.
  4. Save the company and confirm it appears in the Companies list with the correct profile and status.
  5. Open the company details page to assign feature permissions and right permissions before handover.

Edit Company

  1. Find the company from the list using search, filter, or pagination.
  2. Click the edit action for the selected company.
  3. Update only the required business, contact, or profile fields.
  4. Save changes and re-open the company details to verify the updated information.
  5. If company email, phone, or owner data changes, notify the tenant administrator so their team has the latest account information.

Give Feature Permission

  1. Open the target company details page from the Companies list.
  2. Go to the feature permission or feature preference action for that company.
  3. Enable the modules the company is allowed to use, such as inventory, POS, reports, rewards, demand tags, discounts, or warehouse features.
  4. Disable features that are not included in the company's plan or operational scope.
  5. Save or sync the feature permissions, then verify the tenant menu only shows the enabled features.

Give Right Permission

  1. Open the company details page and choose the rights or permissions action.
  2. Select the company-level rights that should be available to the tenant, such as product, stock, sales, purchase, report, user, and settings actions.
  3. Use least privilege when assigning rights. Only enable permissions the company needs for daily work.
  4. Save or sync rights for the company.
  5. Ask the tenant admin to refresh or log in again, then verify that restricted actions are hidden or blocked correctly.

Status Change

  1. Use the status action from the Companies list or company details page.
  2. Set the company to active when access should be allowed.
  3. Set the company to inactive or suspended when access must be blocked because of billing, compliance, support, or operational reasons.
  4. Confirm the status update before saving because it can affect all users under that company.
  5. After changing status, test login or module access with a tenant user to confirm the expected access result.

Screenshot Placeholder

Companies Screenshot Placeholder
Add screenshot file at documentaion/assets/images/backoffice-companies.png

Enterprise Technical Specification

Business Capabilities

  • Company CRUD
  • Status management
  • Bulk status/update/delete
  • Company feature permission assignment
  • Company right permission assignment

API Contract Surface

Primary API endpoints used by this module:

  • /api/v1/backoffice/companies
  • /api/v1/backoffice/companies/{id}
  • /api/v1/backoffice/companies/{id}/status
  • /api/v1/backoffice/companies/{id}/rights
  • /api/v1/backoffice/companies/{id}/feature-preferences
  • /api/v1/backoffice/companies/{id}/feature-preferences/sync
  • /api/v1/backoffice/companies/multiple-delete
  • /api/v1/backoffice/companies/status-update/multiple

Permission Blueprint

Recommended permission keys for production role design:

  • backoffice.company.view
  • backoffice.company.create
  • backoffice.company.edit
  • backoffice.company.delete
  • backoffice.company.status.manage
  • backoffice.company.rights.manage
  • backoffice.company.features.manage

Operational Risk and Control Notes

  • Wrong company status impacts tenant access
  • Bulk delete risk
  • Enable activity logging and include company_id, actor ID, and target entity ID in audit traces.
  • Apply least-privilege principle for create/update/delete actions.

QA Verification Checklist

  • Validate list API load, empty-state behavior, and pagination consistency.
  • Verify create/update/delete response contract (status, message, data).
  • Confirm permission denial responses for unauthorized roles.
  • Test edge inputs and invalid IDs for safe error handling.