Access rights
This section describes how to manage access rights for users such as administrators, marketers, and merchandisers working in Episerver Commerce. When a user is created, you assign appropriate access rights depending on whether the user will work with CMS, catalog content, Commerce ManagerOne of several main user interfaces in Episerver Commerce. This UI area, available from the top menu after logging in, provides screens for managing markets, customers, catalog, orders, and so on. You can manage the information on some Commerce Manager screens in other, newer user interfaces. Where possible, we recommend using the newer ones., or all parts.
To manage users and access rights, you need administrative access rights in CMS. This description refers to a default implementation of Episerver Commerce. Your website may be configured differently, and have customized user and user group management.
Managing users and groups
You manage which users can access various parts of the system from the CMS admin view.
For easier and safer maintenance, it is recommended to base access rights on groups rather than individual users. Then, provide access rights to users by adding them to appropriate groups. See Managing users and user groups.
Be aware that both contacts (visitors registering on your public site or manually created in Commerce Manager) and system users created from the CMS admin view are visible in the same listing in CMS admin view and Commerce Manager. By default, contacts belong to the "Everyone" and "Registered" groups.
Groups and access rights
In addition to the default groups described in Access rights, Episerver Commerce has its own groups that you use to assign access rights for Commerce functions.
You must manually create the CommerceAdmins, CommerceSettingsAdmins and CatalogManagers groups before adding users to them. To do this, go to CMS > Admin > Access Rights > Administer Groups.
CMS groups for controlling access to Episerver Commerce
| Group | Provides access to | Comment |
|---|---|---|
| Administrators | All parts of the system, including Administration in Commerce Manager. |
Usually restricted to developers for implementation and maintenance. A built-in user group created when Episerver CMS is installed. |
| WebAdmins |
|
Usually restricted to very few users. A built-in user group created when Episerver CMS is installed. |
| WebEditors | The ability to edit Episerver Commerce content. Required for all users (if not members of WebAdmins or Administrators). |
A built-in user group created when Episerver CMS is installed. |
| Everyone | Derived from Windows, this group provides “anonymous” visitors with read access to content. All unregistered visitors to a public website are anonymous, meaning that they cannot be identified by the system. | A built-in user group created when Episerver CMS is installed. |
Episerver Commerce groups for controlling access to user interface areas
| Group | Provides access to |
|---|---|
| CommerceAdmins | All parts of Commerce Manager except Administration and the CMS admin view. |
| CatalogManagers | The Catalog user interface. |
| MarketingManagers | The Marketing user interface. |
| CommerceSettingsAdmins | The Commerce Settings tab, which allows editing of dictionary property values for Commerce content. |
Episerver Commerce groups for controlling access to order management functions
| Group | Provides access to |
|---|---|
| Order Supervisor | All order management procedures. |
| Order Managers |
|
| Receiving Manager |
|
| Shipping Manager | Viewing, packing, and completing shipments. |
To determine more granular access rights to Commerce Manager functions for any standard group, custom group, or individual users, use the permissions for functions screen. See Customizing group access to functions.
Customizing group access to functions
You can customize which groups and users can perform Episerver Commerce functions beyond the levels listed in Groups and access rights. For example, you can grant the Receiving Manager group the ability to allow refund credits, even though that group cannot access that function by default. Or, you can remove from the Order Managers group the ability to add, edit, delete payments for orders.
Permissions for Functions are only applied in Commerce Manager, not in the Catalog user interface.
To do this
- Go to CMS admin view > Config > Security > Permissions for Functions.
- Select a function.
- Assign or remove users or groups to/from that function.
Controlling access to catalogs and categories
Members of user groups have default access rights to catalog content, as described in Groups and access rights. You can override these settings, and grant predefined groups and users access to individual catalogsCommerce: a top-level container for catalog entries such as categories, products, and variants (SKUs). and categoriesCategories let you adjust the structure and range of a catalog to optimize the selling potential of products. You can use categories to search for products. You can also assign products to categories by creating relations.. You can also create custom groups then assign to their members the ability to perform various tasks on products in any category or catalog.
For example, a Site_Editors group has change permission for the entire catalog structure, while members of the Fashion_Editors group only have change permission for the Fashion catalog, and Automotive_Editors group members only have change permission for the Automotive catalog.
Note that you cannot set access rights for individual products. Products inherit permissions from their direct parents (but not "linked" parents).
Access rights set in the Catalog do not carry over to Commerce Manager (CM). So, users with CM access can still edit entries there despite the catalog settings. You can restrict access to CM through Customizing group access to functions. However, most users who edit catalogs cannot access CM.
To control access to catalogs or categories, follow these steps.
Prerequisite: To work with catalog and categories, users must belong to the WebEditors and CatalogManagers user groups.
Part 1: Create custom groups
Set up user groups that will have edit access to specific catalogs. See Managing users and user groups.
Part 2: Assign groups to catalogs/categories
- In the Catalog, navigate to the catalog or category for which you want to grant access to groups or users.
- Go to All properties view.
- Next to Visible to, click Manage. The Set Access Rights screen appears.
- Uncheck Inherit settings from parent item.
- Assign groups and users to appropriate actions for the catalog or category. If you do not see a group or user for which you want to assign access rights, click Add Users/Groups.
To learn about the access levels, see Access rights.
The image below illustrates an editor’s ability to edit the Mens Shoe category but no other categories under the parent.
Example: Creating a user with access rights in Episerver CMS and Episerver Commerce
In this example, you create a user who enriches product information and landing pages in Episerver CMS, catalog content in Episerver Commerce, and all parts of Commerce Manager.
- In the CMS admin view, go to Access Rights > Create User.
- Enter the user information, select Active, and add the user to the desired groups. In this example:
- WebEditors provides access to editing views
- CommerceAdmins provides access to Commerce Manager.
- Site_Editors structure group provides access the entire catalog structure (as illustrated in the above image).
- Click Save.
- Log in as the user to verify that proper access rights are applied.
Access rights for the Episerver platform
See Managing permissions for information about managing access rights for other parts of the Episerver platform.
Need help?