User Roles

To give someone restricted access to the Admin, the first step is to create a role that has the appropriate level of permissions. After the role is saved, you can add new users and assign the restricted role to grant them limited access to the Admin.

Admin - user roles

Define a role

  1. On the Admin sidebar, go to System > Permissions > User Roles.

  2. In the upper-right corner, click Add New Role. Then, complete the steps to define the role:

Step 1: Add the role name

  1. Under Role Information, enter a descriptive Role Name.

  2. Under Current User Identity Verification, enter Your Password.

    System permissions - role information Role Name

Step 2: Assign resources

Important! When assigning resources, be sure to disable access to the Permissions tool if you are limiting access for a given role. Otherwise, users will be able to modify their own permissions.

  1. Set Role Scopes to one of the following:

    • All
    • Custom

    If set to Custom for a multisite installation, select the checkbox of the website and store where the role is to be used.

    User role resources - custom scope Custom Role Scope

    Users with Custom role scope are not able to create websites and categories, assign products to categories, and do other global actions affecting scopes where they don’t have access.

  2. Under Roles Resources, set Resource Access to Custom.

  3. In the tree, select the checkbox of each Admin Resource that the role can access.

    To create an Admin role with access to tax settings, choose both the Sales/Tax and System/Tax resources. If setting up a website for a region that differs from your default shipping point of origin, you must allow access to the System/Shipping resources for the role. The shipping settings determine the store tax rate that is used for catalog prices.

    Assigned user role resources Role Resources Assigned

    The list of available permissions may include additional options for Commerce developed, Core Bundled, and installed extensions. By selecting the top-most permission for each feature, you assign all permissions available for the user.

    An Admin user must have Sales / Archive permissions for their role scope to see the Invoices, Credit Memos, and Shipments order tabs.

  4. When complete, click Save Role.

    The role now appears in the grid and can be assigned to user accounts.

Assign a role to user(s)

  1. From the Roles grid, open the record in edit mode.

  2. Under Current User Identity Verification, enter your user account password.

  3. In the left panel, choose Role Users.

    The Role Users option appears only after a new role is saved.

  4. To search for a specific user record, do the following:

    • Enter the value in the search filter at the top of a column. Then, press Enter.

    • When you are ready to return to the full list, click Reset Filter.

  5. Select the checkbox of any user(s) to be assigned to the role.

  6. Click Save Role.

    User accounts assigned to the role Role Users

Edit a role

  1. On the Admin sidebar, go to System > Permissions > User Roles.

  2. Locate the role using filters above the grid and click the role name.

  3. Make needed changes.

    Review the steps for creating a user role for information about the role settings.

  4. When prompted, enter Your Password to confirm your identity.

  5. Click the Save Role.

Delete a role

  1. On the Admin sidebar, go to System > Permissions > User Roles.

  2. Locate the role using filters above the grid and open in edit mode.

  3. In the upper-right corner, click Delete Role.

  4. To confirm the action, click OK.