Posted by hadi
2018-03-12

Hi Tom, thanks for the fast response. I've already tried the steps carefully, but the staff can still add/delete/edit the information. Kindly advise on which part I did wrong.

open web/staff/app/cls_ps.staff.inc.php and add

if ( !$this->sys->IsAdmin() ) exit;

after

case 'del_multi':

The result should look like:

case 'del_multi': if ( !$this->sys->IsAdmin() ) exit;

(I've done this step and tried logging in as a non-admin, but the staff can still add/delete/edit.)

I do the same on the following lines, too.
case 'edit_done':
case 'reg_inp':
case 'reg_done':
case 'del_multi':

But the result stays the same.

Hoping for your response. Thanks in advance.
Posted by Tom
2018-03-15

>the result stays the same.

You mean that the buttons are still visible?
You need to remove buttons from the template.
Just like you did for the delete button, as described in this article:
http://www.phpkobo.com/article--m2413
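
The server-side check discussed in this thread, as an added example that is not part of the original posts or the product's own code: it applies the IsAdmin() test once ahead of the switch for the four cases named above, so the decision is made per request regardless of which buttons a template shows. Only IsAdmin() and the four case names come from the thread; the Sys and StaffPage classes, handle(), and the 'list' command are hypothetical, and the syntax assumes PHP 8.0 or later.

```php
<?php
// Added illustration, not the product's code. Sys, StaffPage, handle() and
// the 'list' command are hypothetical; IsAdmin() and the four case names
// are taken from the thread.

final class Sys
{
    public function __construct(private bool $admin) {}
    public function IsAdmin(): bool { return $this->admin; }
}

final class StaffPage
{
    // Actions that change data: the four cases named in the thread.
    private const ADMIN_ONLY = ['edit_done', 'reg_inp', 'reg_done', 'del_multi'];

    public function __construct(private Sys $sys) {}

    // Returns [HTTP status, message] so the decision can be inspected.
    public function handle(string $cmd): array
    {
        // One guard ahead of the switch: no individual case can miss it.
        if (in_array($cmd, self::ADMIN_ONLY, true) && !$this->sys->IsAdmin()) {
            return [403, "forbidden: $cmd"];
        }
        switch ($cmd) {
            case 'list':
                return [200, 'listing'];
            case 'edit_done':
            case 'reg_inp':
            case 'reg_done':
            case 'del_multi':
                return [200, "performed $cmd"];
            default:
                // Unknown commands are rejected rather than passed through.
                return [400, 'unknown command'];
        }
    }
}

// Constructed requests: the same commands sent as staff and as admin.
$staff = new StaffPage(new Sys(false));
$admin = new StaffPage(new Sys(true));
foreach (['list', 'del_multi', 'edit_done'] as $cmd) {
    printf("staff %-10s -> %d\n", $cmd, $staff->handle($cmd)[0]);
    printf("admin %-10s -> %d\n", $cmd, $admin->handle($cmd)[0]);
}
```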