Currently Lacking Enough Permission Control
Currently, it appears that the ability to edit products, SKUs, services, and related operational settings requires granting “Manage Business” access through the gear icon. The concern is that this also appears to give the user access to areas they should not necessarily control, including permission groups and staff privilege settings.
This creates an internal-control and security issue for businesses that need to delegate operational setup tasks without also delegating access-control authority.
A business may reasonably need a manager or operations staff member to:
- Create and edit products
- Add or edit SKUs
- Manage inventory-related product details
- Create and edit services
- Update service settings
But that same user should not necessarily be able to:
- Edit permission groups
- Change their own permissions
- Change another staff member’s permissions
- Modify owner/admin access
- Access sensitive business-wide security settings
The requested enhancement is to separate these into distinct permissions, such as:
- Manage Products / SKUs
- Manage Services
- Manage Inventory Settings
- Manage Staff Permissions / Permission Groups
Ideally, “Manage Staff Permissions / Permission Groups” should be its own high-level permission that only owners/admins can grant. Non-admin staff should not be able to elevate their own access or modify other users’ access simply because they need to maintain products, SKUs, inventory details, or services.
It would also be helpful for Boulevard to add safeguards such as:
- Preventing users from editing their own permission group unless they are an owner/admin
- Preventing non-owner users from changing owner/admin permissions
- Audit logs showing who changed permissions and when
- More granular “gear icon” permissions so users can access only the specific settings they need
Product, SKU, inventory, and service maintenance are normal manager-level operational responsibilities. Staff access control is an owner/admin-level security responsibility. Combining these permissions forces businesses to choose between operational efficiency and proper access control.
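
The requested split and safeguards, sketched as an added example that is not part of the original post and is not Boulevard's code or API. The permission names, roles, users and log fields are hypothetical, chosen only to mirror the lists above.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical permission names mirroring the split requested in the post.
PRODUCTS, SERVICES, INVENTORY = "manage_products_skus", "manage_services", "manage_inventory"
STAFF_PERMS = "manage_staff_permissions"

@dataclass
class User:
    name: str
    role: str                      # "owner", "admin" or "staff"
    permissions: set = field(default_factory=set)

    def is_admin(self):
        return self.role in ("owner", "admin")

audit_log = []                     # every attempt is recorded, allowed or not

def deny_reason(actor, target, new_perms):
    """Return why the change is refused, or None if it is allowed."""
    if STAFF_PERMS not in actor.permissions:
        return "actor lacks manage_staff_permissions"
    if actor is target and not actor.is_admin():
        return "non-admin may not edit own permissions"
    if target.is_admin() and actor.role != "owner":
        return "only an owner may change owner/admin access"
    if STAFF_PERMS in new_perms - target.permissions and not actor.is_admin():
        return "only owners/admins may grant manage_staff_permissions"
    return None

def change_permissions(actor, target, new_perms):
    """Apply new_perms to target when allowed; log who, whom, what and when."""
    new_perms = set(new_perms)
    reason = deny_reason(actor, target, new_perms)
    audit_log.append({
        "at": datetime.now(timezone.utc).isoformat(),
        "actor": actor.name, "target": target.name,
        "before": sorted(target.permissions), "requested": sorted(new_perms),
        "allowed": reason is None, "reason": reason,
    })
    if reason is None:
        target.permissions = new_perms
    return reason is None

# Constructed sample users.
owner = User("olivia", "owner", {PRODUCTS, SERVICES, INVENTORY, STAFF_PERMS})
manager = User("marco", "staff", {PRODUCTS, SERVICES})
lead = User("lena", "staff", {PRODUCTS, STAFF_PERMS})   # staff with delegated rights
```

Denied attempts are logged alongside successful ones, so a review of the log shows attempted self-elevation as well as actual changes.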