Configured Commerce allows for the custom creation of security roles for the Admin Console. Creating custom roles gives the exact level of security desired. This article provides the basic instructions for creating a role and then provides the steps to address the scenario of creating a role that does not have access to Customers within the Admin Console.
Create a custom role
- Go to Admin Console > Administration > Permissions > Roles.
- Click Add Role.
- In Role Name, enter in the name of the new Role.
If the role is to have access to the Admin Console, it must begin with ISC_. Any role that is not preceded by ISC_ will not appear in the permissions in the Application Dictionary.
- Click Save.
Limiting Access to the Admin Console
Custom Roles can be used to limit certain users from accessing specific areas of the Admin Console. The steps below will address this scenario: We have a set of users that need to access the Admin Console to update Product information, but we do not want them to have access to Customer data
The ability to impersonate users is assigned only to the ISC_Implementer, ISC_Admin and ISC_User roles and you cannot add the ability to impersonate to your custom role.
Create the new role
- Follow the instructions above for creating a new custom Role. We will use the Role name of "ISC_ProductData".
Remove access to the customer entity
- Go to Administration > System > Application Dictionary and search for Customer.
- Select Edit for customer.
- Select the Permissions finger tab.
- Select Edit for the ISC_ProductData Role.
- Change the radio buttons to limit access, by selecting No.
- Click Save.
- Assign the Role to desired Users.
IMPORTANT: Roles with higher permission override Roles with lower permission. So, if a particular User has a Role that allows access to the Customer entity (for example, ContentAdmin), this access will supersede the Role that limits the access to the Customer entity.
Users who access the Admin Console with the ISC_ProductData role will not see the Customer entity: