The Most Popular Extension Builder for Magento 2

With a big catalog of 224+ extensions for your online store

How to Assign & Manage User Roles in Magento 2?

Each person in a business performs a specific role. However, one can take charge of multiple functions at the same time. This overlap in tasks of employees in a company will obviously lead to a free flow of information between different departments.

However, unrestricted access to business information and gateway functionality comes with several risks of date security - the most “prior concern” of any business.

This post will go over the importance of user roles for eCommerce businesses, plus how each function is assigned and managed in Magento 2.

Benefits of role-based access control?

Benefits of role-based access control
Benefits of role-based access control?

Why does role-based access control matter?

A store can have many users (with different roles) who can log in to your web backend to assist with the day-to-day store operational activities.

Typically, the business owner will let their employees or partners access a certain amount of information due to data security requirements.

How a role-based access control model works:

  • Each user can only access their areas of responsibility via a personal account

  • The admin/ business owner manages, restricts, and grants the user access to certain information by assigning different roles for employees or contractors’ accounts

In more ways than one, lack of access control can put a company’s security profile at risk. Having complete control of access rights is the best choice to prevent eCommerce businesses from cybercriminals while remaining consistency across the whole system.


  • Give the store owner the possibility to keep track and manage the access right of all users, including who has access to what and why
  • Ensure compliance with proper regulations of employees and the business’s contractors
  • Enhance the security of data on the system and better enforce the access policies and regulations effectively
  • A pre-set user role system will results positively in improving the onboarding and onboarding procedures
  • Reduce administrative word and cost savings in the long run

Set user roles and permissions in Magento 2 Default

By default, Magento allows merchants to assign a role to other users.

Add a role name to assign users

Add a role name to assign users
The setting of Role infor at the Magento 2 backend
  • Log into your Admin account on Magento 2

  • One the Admin sidebar, navigate to System > Permissions > User Roles > Add New Role button

  • Open the Role Info section

  • Enter your wanted Role Name (Try to describe the role briefly) and the Password for user identity verification

Set the role resources

Set the role resources
Role Scopes settings on Magento 2 Default

Set Role Scopes to one of the following:

  • All
  • Custom (Magento Commerce only)

For the Custom selection, you can:

  • Choose the website and store where the role will be applied
  • Specify the area of information at the backend that a user can access by clicking on that resource

It means that once you complete this step, that selected user will only be able to access particular resources (for instance, Sales or Tax, etc.).

Assign a role to users

  • Open the Roles grid in edit mode
  • Enter your user account password as the admin for further configuration
  • Choose Role Users in the left panel. The Role Users option appears only after a new role is saved
  • Click on the checkbox of any user you want to be assigned to the role
  • Make sure to tap on the Save Role button afterward
Assign a role to users
Assign role to a new user

You can search for a specific user record via the search filter at the top of a column and press Enter. Click on the Reset Filter option when you’re done.

Limitation of the admin permission feature on Magento 2

Magento 2 is a powerful platform with many out-of-the-box features for sales, marketing, and security. Setting user roles is one of those tools, allowing a business to enhance its admin permission functionality and control over the data system.

Still, users aren’t able to take advantage of the user role setting on Magento 2 Default, plus lots of drawbacks need to be addressed, including:

  • All admin users get the same level of permissions. They can access the same sections on the data system and perform the same actions with no limitation

  • The process of managing admin permissions isn’t automatic. You have to remove a user role manually when needed

  • Assigning user role on Magento 2 Default is not well-optimized for multi-vendors as well as for a complicated company’s user structure working on the same system

Assign and Manage user roles with Admin Permission extension

Create new user roles

Enable the Admin Permissions extension on your Magento-based site
  • In the beginning, you need to download Magento 2 Admin Permission on Mageplaza and install it on your Magento 2 store.

  • Next, access your Admin account on Magento 2, mouse your mouse to the left sidebar, and select: Stores > Configuration > Mageplaza > Admin Permissions

  • Here choose Enable = Yes to activate the extension

The first stage is done. Now you’re ready to create and assign different levels of permissions to other users.

Add a new user role

To configure a user role at the backend, choose System > Permissions > User Roles > Add New Role button. Your working screen, then displays 3 tabs:

Configure the new role for users through 3 main tabs
  • Role Info

  • Role Resources

  • Admin permissions

On the Info tab, things go almost alike when you add a new role on Magento 2 Default. You still need to enter the Role Name and Password.

What’s more advanced is that the Admin Permissions extension allows setting the time validity for each role.

Role Resources

This functionality is restricted on Magento 2 default. However, with Mageplaza Admin Permissions, you can easily limit any user to specific areas of information at the backend.

Role Resources
The working screen of Role Resources setting at the backend

Just remember to click on the Save Role button when you’re done.

Admin permissions

The Admin Permissions tab functions as an exclusive feature of Mageplaza Admin Permission. In other words, it’s only available when you enable the extension on your site.

Admin permissions
7 types of restrictions of Mageplaza Admin Permissions

Here you can set admin permission by 7 types of restrictions:

  • Sale per Store Views.

  • Specific Categories

  • Products or product creators (product owner)

  • Specific Customers

  • Product Attributes

  • User Roles

  • Customize Limit Action

For each type of restrictions, you are able to choose whether to:

  • No: Disable the restrictions on admin for this area

  • Allow for specific Store Views/ Categories/ Product/ Customers/ Product Attributes/ Roles: Admin only has the ability to view and edit that selected information areas

  • Deny for specific Store Views/ Categories/ Product/ Customers/ Product Attributes/ Roles: Admin is not allowed to view as well as edit selected information areas

Assign roles to users

To assign your newly created role for a user, navigate to System > All User. Then, you have 2 options:

  • Change the role of already existed accounts: Click on your wanted account > go to its User Role tab > Change the role

  • Assign roles for new users: At the All User page > tap on the Add New User button

Set user info

Set user info
The User Info tab for the New User setting

Here is where you enter all the required information of a user account before allowing that person to access your web’s backend, including:

  • User Name/ First Name/ Last Name

  • Email

  • Password/ Password Confirmation

  • Interface Locale

  • The status activity of this account

Set user role

You’ve completed the user info. Let’s move to the User Role tab, where you assign a role to the new user. All the functions you saved previously will display on the Role grid below. You just need to click on your wanted role to assign it to any user

Set user role
The User Role grid

You can view both existing or newly defined user roles.

Manage user permissions

The system allows you to manage, view, and edit all users along with their roles in the store.

Manage user permissions
Manage all users via the Users grid

To edit a user role, all you need to do is:

  • Tap on the user you want to edit information

  • Make any desired changes

  • Finally, click the Save button

Magento 2 Admin Permission extension

The bottom line!

With the support of advanced extensions, setting up each role within your business and assigning it to many users has never been so easy.

This action of restriction helps you significantly personalize the access every role on your system has. Hopefully, this post can help you increase productivity and come back to simplifying administrative work.

Image Description
With over a decade of experience crafting innovative tech solutions for ecommerce businesses built on Magento, Jacker is the mastermind behind our secure and well-functioned extensions. With his expertise in building user-friendly interfaces and robust back-end systems, Mageplaza was able to deliver exceptional Magento solutions and services for over 122K+ customers around the world.

Looking for
Customization & Development Services?

8+ years of experiences in e-commerce & Magento has prepared us for any challenges, so that we can lead you to your success.

Get free consultant
development service

    Explore Our Products:


    Stay in the know

    Get special offers on the latest news from Mageplaza.

    Earn $10 in reward now!

    Earn $10 in reward now!

    go up