How to Assign & Manage User Roles in Magento 2?

Each person in a business performs a specific role. However, one can take charge of multiple functions at the same time. This overlap in tasks of employees in a company will obviously lead to a free flow of information between different departments.

However, unrestricted access to business information and gateway functionality comes with several risks of date security - the most “prior concern” of any business.

This post will go over the importance of user roles for eCommerce businesses, plus how each function is assigned and managed in Magento 2.

Table of contents:

• Benefits of role-based access control?
• Set user roles and permissions in Magento 2 Default
  • Add a role name to assign users
  • Set the role resources
  • Assign a role to users
• Limitation of the admin permission feature on Magento 2
• Assign & Manage user roles with Admin Permission extension
  • Create new user roles
    • Add a new user role
    • Role Resources
    • Admin permissions
  • Assign roles to users
    • Set user info
    • Set user role
  • Manage user permissions
• The bottom line!

Benefits of role-based access control?

Why does role-based access control matter?

A store can have many users (with different roles) who can log in to your web backend to assist with the day-to-day store operational activities.

Typically, the business owner will let their employees or partners access a certain amount of information due to data security requirements.

How a role-based access control model works:

• Each user can only access their areas of responsibility via a personal account

• The admin/ business owner manages, restricts, and grants the user access to certain information by assigning different roles for employees or contractors’ accounts

In more ways than one, lack of access control can put a company’s security profile at risk. Having complete control of access rights is the best choice to prevent eCommerce businesses from cybercriminals while remaining consistency across the whole system.

Why?

• Give the store owner the possibility to keep track and manage the access right of all users, including who has access to what and why
• Ensure compliance with proper regulations of employees and the business’s contractors
• Enhance the security of data on the system and better enforce the access policies and regulations effectively
• A pre-set user role system will results positively in improving the onboarding and onboarding procedures
• Reduce administrative word and cost savings in the long run

Set user roles and permissions in Magento 2 Default

By default, Magento allows merchants to assign a role to other users.

Add a role name to assign users

• Log into your Admin account on Magento 2

• One the Admin sidebar, navigate to System > Permissions > User Roles > Add New Role button

• Open the Role Info section

• Enter your wanted Role Name (Try to describe the role briefly) and the Password for user identity verification

Set the role resources

Set Role Scopes to one of the following:

• All
• Custom (Magento Commerce only)

For the Custom selection, you can:

• Choose the website and store where the role will be applied
• Specify the area of information at the backend that a user can access by clicking on that resource

It means that once you complete this step, that selected user will only be able to access particular resources (for instance, Sales or Tax, etc.).

Assign a role to users

• Open the Roles grid in edit mode
• Enter your user account password as the admin for further configuration
• Choose Role Users in the left panel. The Role Users option appears only after a new role is saved
• Click on the checkbox of any user you want to be assigned to the role
• Make sure to tap on the Save Role button afterward

You can search for a specific user record via the search filter at the top of a column and press Enter. Click on the Reset Filter option when you’re done.

Limitation of the admin permission feature on Magento 2

Magento 2 is a powerful platform with many out-of-the-box features for sales, marketing, and security. Setting user roles is one of those tools, allowing a business to enhance its admin permission functionality and control over the data system.

Still, users aren’t able to take advantage of the user role setting on Magento 2 Default, plus lots of drawbacks need to be addressed, including:

• All admin users get the same level of permissions. They can access the same sections on the data system and perform the same actions with no limitation

• The process of managing admin permissions isn’t automatic. You have to remove a user role manually when needed

• Assigning user role on Magento 2 Default is not well-optimized for multi-vendors as well as for a complicated company’s user structure working on the same system

Assign and Manage user roles with Admin Permission extension

Create new user roles

• In the beginning, you need to download Magento 2 Admin Permission on Mageplaza and install it on your Magento 2 store.

• Next, access your Admin account on Magento 2, mouse your mouse to the left sidebar, and select: Stores > Configuration > Mageplaza > Admin Permissions

• Here choose Enable = Yes to activate the extension

The first stage is done. Now you’re ready to create and assign different levels of permissions to other users.

Add a new user role

To configure a user role at the backend, choose System > Permissions > User Roles > Add New Role button. Your working screen, then displays 3 tabs:

• Role Info

• Role Resources

• Admin permissions

On the Info tab, things go almost alike when you add a new role on Magento 2 Default. You still need to enter the Role Name and Password.

What’s more advanced is that the Admin Permissions extension allows setting the time validity for each role.

Role Resources

This functionality is restricted on Magento 2 default. However, with Mageplaza Admin Permissions, you can easily limit any user to specific areas of information at the backend.

Just remember to click on the Save Role button when you’re done.

Admin permissions

The Admin Permissions tab functions as an exclusive feature of Mageplaza Admin Permission. In other words, it’s only available when you enable the extension on your site.

Here you can set admin permission by 7 types of restrictions:

• Sale per Store Views.

• Specific Categories

• Products or product creators (product owner)

• Specific Customers

• Product Attributes

• User Roles

• Customize Limit Action

For each type of restrictions, you are able to choose whether to:

• No: Disable the restrictions on admin for this area

• Allow for specific Store Views/ Categories/ Product/ Customers/ Product Attributes/ Roles: Admin only has the ability to view and edit that selected information areas

• Deny for specific Store Views/ Categories/ Product/ Customers/ Product Attributes/ Roles: Admin is not allowed to view as well as edit selected information areas

Assign roles to users

To assign your newly created role for a user, navigate to System > All User. Then, you have 2 options:

• Change the role of already existed accounts: Click on your wanted account > go to its User Role tab > Change the role

• Assign roles for new users: At the All User page > tap on the Add New User button

Set user info

Here is where you enter all the required information of a user account before allowing that person to access your web’s backend, including:

• User Name/ First Name/ Last Name

• Email

• Password/ Password Confirmation

• Interface Locale

• The status activity of this account

Set user role

You’ve completed the user info. Let’s move to the User Role tab, where you assign a role to the new user. All the functions you saved previously will display on the Role grid below. You just need to click on your wanted role to assign it to any user

You can view both existing or newly defined user roles.

Manage user permissions

The system allows you to manage, view, and edit all users along with their roles in the store.

To edit a user role, all you need to do is:

• Tap on the user you want to edit information

• Make any desired changes

• Finally, click the Save button

The bottom line!

With the support of advanced extensions, setting up each role within your business and assigning it to many users has never been so easy.

This action of restriction helps you significantly personalize the access every role on your system has. Hopefully, this post can help you increase productivity and come back to simplifying administrative work.