With so many people involved in the implementation and management of an eCommerce site, from customer service representatives to programmers, things can get confusing. One way to ensure that the right people have access to the necessary sections of the Magento admin panel, and to balance the technical and business aspects of a project, is to utilize Magento permissions.
When dealing with permissions, there are two key parts to understand: roles and users. Roles contain the applicable permissions and their corresponding access rights. Users are the individuals who are assigned one or more roles.
Permissions allow you to assign access rights to a specific role or set of roles. There is often a master account that has access to everything and then select permissions are allotted to specific roles. For example, a customer service role may be given access to customer lists and sales records so that the assigned user can check on orders and make changes, whereas a programmer role would not have access to customer information. This allows for finer control over what admin users can and cannot see and access.
Utilizing permissions means that you are only giving users access to what they need, which, in a sense, protects them from themselves. If someone has access to aspects of a site that they not only do not need, but also do not understand, they could cause a lot of damage, whether intentionally or unintentionally.
One of the biggest benefits of utilizing role-based permissions is in the event of personnel changes. If a team member leaves a project for any reason and a new person takes over their position, transferring access rights is much easier. Instead of removing permissions from the former person in that role and applying them to the new person one by one, you simply change the role of each person. The corresponding permissions will transfer with the role.
For our development team, role-based permissions were an especially beneficial feature on a recent project. Using permissions, a role can remain constant even when activating or deactivating a user. For this recent project, our team set up five different roles for each site user and then assigned them whichever roles they needed in order to have appropriate access.
For those sites that contain multiple stores, setting up roles can be tedious. Currently, each role for each store needs to be set up manually, even if the permissions for each role are the same for every store. Our team came across this challenge when working with a customer who had eight stores on one instance of Magento. Instead of manually creating each role, Derrik Nyomo, Senior Magento Developer, created a role-copying module. Using the module, our development team just had to select the desired role and hit ‘copy,’ which then copied the assigned permissions to another site. This made it easy to create roles for each of those eight sites and saved our team a lot of time.
Leveraging permissions in your Magento store can improve the ongoing management of your site. Would you like to implement permissions on your Magento site? Want to learn more? Contact our talented development team.