You are here: Commerce > Managing content > Access rights

Access rights

Access right management involves setting permissions for users working with content in EPiServer Commerce and EPiServer CMS. These may or may not be the same individuals, depending on the size and setup of the organization. A “marketer” for instance may work with campaign pages in EPiServer CMS as well as enriching product content in Commerce. A “merchandiser” may work with pricing information and categorization of catalog entries in the catalog interface in Commerce. Refer to Roles and tasks for more information about users in EPiServer Commerce.

Note that you need administrative access rights in both CMS and Commerce Manager to manage users and access rights for various parts of the system.

Contacts and accounts

The user administration in the Commerce Manager back-end system is based on contacts. A “contact” can be a (registered) customer shopping on the website, as well as a someone working with the system, editing website content or managing online store tasks.

When an online customer decides to register with the website, a contact with an account is created. However, anonymous shopping is allowed, which means that shoppers are not required to create an account in order to purchase. Contacts can belong to organizations. The relationship between organizations, contacts, accounts, roles and user groups, is illustrated below.

A contact can have an account associated with it, which is needed if you want to assign access rights to that contact. Only contacts with associated accounts will appear in the CMS admin view, which is where you set access rights for editing website content.

Managing users

Contacts, accounts and organizations in Commerce are administered from the Customers system. This includes managing user accounts and adding roles to users (contacts). Setting access rights for editorial content management in the page tree of the website is done from the CMS admin view.

When a user has been created in the system, you can set the desired access rights, depending on whether the user is going to work with CMS, catalog content, the Commerce Manager back-end system or all parts.

A user with an account created in Commerce Manager will be available in CMS, whereas a user created in CMS will not be available in Commerce Manager. This means that users must be created in Commerce Manager first, to be able to work with both CMS and Commerce Manager.

Restricting access rights to the user interface

In addition the default EPiServer groups “WebEditors” and “WebAdmins” for controlling access to the edit and admin views in CMS, Commerce has some specific groups for controlling access to the Commerce user interface:

The following settings are needed depending on what parts of the system users will be working with:

Note that the CommerceAdmins, CommerceSettingsAdmins and CatalogManagers groups need to be manually created in the CMS administration view, before you can add users to them. Go to the CMS > Admin > Set Access Rights, and add the groups under Administer Groups.

Creating a user and provide access right in CMS and Commerce

Follow the steps below to create a user and provide access rights.

  1. In Commerce Manager, go to Customers and create a contact with an account.
  2. In the CMS admin view, go to Search User/Group and locate the user you created in the previous step. Click on the user name to edit the settings.

  3. Add the desired access rights and click Save.
  4. Log in with the user to verify that proper access rights are applied.

Restricting user access in Commerce Manager

A standard installation of the sample site has a set of predefined roles, which you can use to restrict access to various parts of Commerce Manager. These roles are based on common e-commerce working procedures and provides a suggestion to how you can work with the system. A user will need at least one of these roles assigned, in order to access Commerce Manager.

Each role is associated with a range of permissions on different levels, related to the various parts of EPiServer Commerce.

The following roles are available by default, with a set of permissions for each role:

You can change the detailed permissions for each of these roles, as well as define your own roles and set permissions, all in order to match the specific working procedures in your organization.

Additional accounts used by your internal team to access EPiServer Commerce must have one or more Roles assigned to them. A role can be for instance "Catalog Viewers", "Marketing Admins" or "Asset Managers".

EPiServer Commerce users are internal to your organization and should not be confused with customers. By default, customers who register from your public site are given the "Everyone" and "Registered" Roles, but these roles do not allow access to the administration interface of EPiServer Commerce.

Restricting user access in CMS

The WebEditors group only provides access to the editing view. Users editing content in CMS must also be granted editing access in the page tree. This can be done using "structure" groups. You can for instance create a group "Site_Editors" with editing permission in the entire tree structure, and groups such as "Product_Editors" or "News_Editors" limiting editing access to selected parts of the tree. Define access rights for the groups in the page tree, and then add users to the groups as appropriate.

Refer to access rights in the administration section for more information on how to work with access rights in EPiServer.


EPiServer User Guide update 14-1 | Released: 2014-10-29 | Copyright © EPiServer AB | Send feedback to us