eCommerce Blog | IronPlane

How to Set Up User Roles and Permissions — and Why They Are Important

Written by Kristin Jordan | March 21, 2019

Magento 2’s User Role functionality enables eCommerce store owners to specify permissions for various groups of users based on their individual needs.

When you create an Administrator role within Magento 2, that role receives full permissions by default.  Most Magento 2 users do not require access to all the sections found in the Admin panel.  For example, most business owners will not want Sales Representatives and Customer Service employees to have access to the Advanced section of the Configuration, where they can potentially disable vital system modules.  Avoid this by creating roles with specific permissions as they pertain to individual responsibilities.

By creating user roles and permissions during Magento development, business owners protect their eCommerce stores from accidental configuration mishaps.  User roles and permissions can also help users learn their specific roles within the Magento Admin, as they significantly reduce menu links from more than 80 to four or five, depending on a particular role.

Professional Recommendations from IronPlane

Image via Flickr by wocintechchat.com

Magento 2 automatically includes an Administrator role.  IronPlane experts suggest having only one “Master” Admin connected to this role, accessible only by the eCommerce store owner, and then establishing a System Administrator role that has access to all Dashboard areas except User roles.  This provides peace of mind in knowing a user exists with Master Admin access in case a System Administrator role is modified maliciously or unintentionally.

Lengthening Your Admin User Session

Configuring settings within your Magento 2 eCommerce store can take time, occasionally more time than a standard user session.  Magento 2 automatically logs Administrators out if they have been idle for more than 15 minutes.  To avoid being logged out before you can save the changes you’re working on, it’s best to extend the time of your session.

You can adjust the time setting by completing the following steps:

  1. Access your Magento 2 eCommerce store via your Admin account.
  2. Via the Dashboard, click “STORES” found on the sidebar to the left.
  3. Select “Configuration” option from the “Stores” menu.
  4. Choose the “Advanced” option from the “Configuration” menu.
  5. Select “Admin” from the “Advanced” menu, bringing up a page with various Admin-related features, including session length.
  6. Below “Security,” find “Admin Session Lifetime (seconds)” – an input field where the default value is 900 seconds.
  7. Change the value to the desired length, and click “Save Config.”

Creating a New Magento 2 Admin Role

Once you have increased the duration of your Admin session, you can easily create custom roles and permissions.  This article will demonstrate how to create a Customer Service Representative standard role, plus permissions granting representatives access to what they require to keep clients happy.

Step 1

Create a User role by navigating the following path: System → Permissions → User Roles, then click on the “Add New Role” button.

Step 2

Create a name for the role you are establishing and enter it into the Role Info section.  This name is only for internal use and should describe the responsibilities associated with the role.  This will help you remember each role’s name and function.  You must enter your password to complete this step.

Step 3

Define permissions you wish to provide users assigned to this role.  Under the Role Resources menu, you can choose from two options:

  1. All:  Users in this Role Group have access to all segments within the Dashboard, giving them the same access level as Administrators.
  2. Custom:  Allows you to customize the segments users in the Role Group have access to.

By selecting Custom, you can choose the Dashboard areas you want that role to have access to.

Step 4

Generally, users working in Customer Service will require access to the following portions of the Admin panel to complete day-to-day customer interactions effectively:

  • Billing Agreements
  • Carts
  • Credit Memos
  • Customers
  • Invoices
  • Products
  • Sales
  • Shipments
  • Transactions

By checking the box for any section, you are also selecting all subsections associated with that section.  You can choose which subsections you don’t want a role to have access to by unchecking that particular box.

Magento 2’s sidebar provides a useful guide for assigning resources to a specific user role.  All Magento menu items — Customers, Products, Sales, Marketing, etc. —  are identified as high-level resources.  Begin here to find the specific portions of the Admin panel you want to allow access to.

For example, if you want to allow the Customer Service Representative role access to the Credit Memos segment, you would locate Credit Memos found under Sales > Operations on the resources page.  You can determine if the options you have selected target the correct segment by saving the role and then logging in as a user with the role you are working on.

Custom-developed modules or extensions get added by default to the Roles Resources tab as unselected options for all user groups with custom Resource Access.  To make sure Admins can view the proper segments, you will need to grant them access manually.

Step 5

Save the role once you have selected the permissions you want to provide it access to.

Step 6

After saving, the page will refresh, enabling you to view a new tab labeled Role Users, which lists all users within the role. You can assign additional users to a specific role from either the user edit or user creation screens by checking the box next to their names and saving the role.

After creating the Admin role, you can adjust Role Resources to remove or add access to any Dashboard section. Establishing a test user under any new role creation allows you to verify that users within that role have the necessary permissions for segments they need to access to do their jobs correctly.  It also allows you to ensure they don’t have access to unnecessary segments.

Examples of Admin roles you might establish for your eCommerce store include:

  • Accounting
  • Copywriter
  • Developer
  • Marketing Specialist
  • Sales Representative

Contact the expert team at IronPlane today for help creating user roles and permissions for your eCommerce store.