Magento User Permissions
OK, so as a Magento developer you have just created a fantastic Magento website for a customer. You have included all the tips and tricks that you know and really gone to town on it. You now have to pass the reins over to the customer… sometimes this can be like handing over your brand spanking new Audi R8 to your kid brother for a test drive… a stressful experience, one which I have had to deal with on many an occasion. The Magento store handover that is – not the Audi R8, that baby is all mine.
It is important that you protect the vital areas of your Magento store. There are places within the admin section that are dangerous to the untrained user. You can spend an entire day teaching your customer how to manage the configuration side of the back-end but all it takes is one slip up, one moment of madness, and you will be spending the next 48 hours trying to piece together why the customer has rung up and complained that their site is currently looking like the rear end of some large hairy animal…
User Permissions! This is the term that you should all become familiar with. Those of you who have had experience in WordPress should know all about user permissions, whether you are creating a user with the ability to change WordPress preferences or simply be restricted to writing and editing blogs – the principle is exactly the same in Magento.
In Magento there are two ways to create users and assign them a role. I will choose the role creation method first, which is the easier way, but you can reverse these two steps and the outcome will be the same.
To create user permissions for the average store owner here is what you do:
1. Creating the Role
First of all, when logged in as admin you should navigate to System > Permissions > Roles.
Click the button top right and create a new role.
Enter your role name (something like ‘store owner’) and then click on the tab called Role Resources on the left.
This is where things get interesting: you should probably take your time and go through these and try to match them up with the navigation in your admin section. Really, for a shop owner you should probably tick all the boxes except the System box and all the boxes within System. This way you leave the customer enough options to manage the store effectively without giving away anything too dangerous. When you are done you should see something like the image on the right.
2. Creating the User and assigning the Role
Now that we have created our ‘Store Owner’ role and limited it to the non-vital, catastrophe-free areas of the site, we can create our Store Owner login and assign it this role.
After you have saved your role, navigate to System > Permissions > Users. Choose to add a new user from the top, or alternatively select an already active user and change their permissions from here.
Choose your username, password etc. for the user and then click on the left tab that says User Role. You can now click on your ‘store owner’ role and click save.
Now you have successfully created a brand new user – log in as them and you will see your limited menus in effect! Cool huh?
If you use this wisely you can really benefit your customers by creating different groups for each of their departments. Say you wanted someone to manage just the newsletters: only give them access to the newsletter section. If you wanted someone to add new products but not categories, simply let them access the manage products section!
The possibilities are endless!
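Once several roles exist, it is worth checking that none of them still has a box ticked under System. The audit below is an added example, not part of the original post: it assumes Magento 1's admin_user, admin_role and admin_rule tables with resource ids of the form admin/system/..., and runs against constructed sample rows in an in-memory SQLite database.

```python
import sqlite3

# Assumed Magento 1 layout: admin_role holds group rows (role_type 'G') and
# user rows (role_type 'U', parent_id -> group); admin_rule holds one
# allow/deny row per ACL resource for each group role.
SCHEMA = """
CREATE TABLE admin_user (user_id INTEGER PRIMARY KEY, username TEXT, is_active INTEGER);
CREATE TABLE admin_role (role_id INTEGER PRIMARY KEY, parent_id INTEGER,
                         role_type TEXT, user_id INTEGER, role_name TEXT);
CREATE TABLE admin_rule (rule_id INTEGER PRIMARY KEY, role_id INTEGER,
                         resource_id TEXT, permission TEXT);
"""

# Constructed sample data, not taken from a real store.
SAMPLE = """
INSERT INTO admin_user VALUES (1,'admin',1),(2,'owner',1),(3,'news',1),(4,'old_dev',0);
INSERT INTO admin_role VALUES
 (1,0,'G',0,'Administrators'),(2,0,'G',0,'store owner'),(3,0,'G',0,'newsletter'),
 (4,1,'U',1,'admin'),(5,2,'U',2,'owner'),(6,3,'U',3,'news'),(7,1,'U',4,'old_dev');
INSERT INTO admin_rule (role_id, resource_id, permission) VALUES
 (1,'all','allow'),
 (2,'admin/sales','allow'),(2,'admin/catalog','allow'),
 (2,'admin/system','deny'),(2,'admin/system/config','allow'),
 (3,'admin/newsletter','allow'),(3,'admin/system','deny');
"""

# Active users whose group role allows everything or any System resource.
AUDIT = """
SELECT u.username, g.role_name, r.resource_id
FROM admin_user u
JOIN admin_role ur ON ur.user_id = u.user_id AND ur.role_type = 'U'
JOIN admin_role g  ON g.role_id = ur.parent_id AND g.role_type = 'G'
JOIN admin_rule r  ON r.role_id = g.role_id AND r.permission = 'allow'
WHERE u.is_active = 1
  AND (r.resource_id = 'all' OR r.resource_id = 'admin/system'
       OR r.resource_id LIKE 'admin/system/%')
ORDER BY u.username, r.resource_id
"""

def demo_db():
    """Build the constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn

def system_access(conn):
    """Return (username, role, resource) rows that reach System resources."""
    return conn.execute(AUDIT).fetchall()

if __name__ == "__main__":
    for row in system_access(demo_db()):
        print(row)
```

In the sample data the ‘store owner’ role is flagged because one child box under System was left ticked, while the inactive account and the newsletter role are not reported.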


June 28th, 2010
Nice one, but is there a solution to add separate users to a multi-site Magento installation that uses different Mage::run() websites?
I want to add users only to some websites, and it would be really cool to achieve that.
Thanks