Commerce > Managing content > Access rights

Access rights

This section describes how to manage access rights for users such as editors, administrators, and marketers working both in Episerver Commerce and Episerver CMS. When a user is created in the system, you can set desired access rights depending on whether the user is going to work with CMS, catalog content, Commerce Manager or all parts.

You need administrative access rights in CMS to manage users and access rights. The description here refers to a default implementation of Episerver Commerce, your website may be configured differently, and have customized user and user group management.

Managing users and groups

You manage users and access rights to various parts of the system from the CMS admin view. For easier and safer maintenance, it is recommended to base access rights on groups rather than individual users. Provide access rights by adding a user to appropriate groups, see Managing users and user groups.

Be aware that both contacts (visitors registering on your public site or manually created in Commerce Manager), and system users created from the CMS admin view, will be visible in the same listing in CMS admin, and in Commerce Manager. By default, registered visitors will belong to the "Everyone" and "Registered" groups.

Groups and access rights

In addition to the default groups described in Access rights , Commerce will add a set of groups, which can be used to assign access rights to Commerce functions. Using the groups described below you can control access rights to various parts of the system.

The CommerceAdmins, CommerceSettingsAdmins and CatalogManagers groups must be manually created in the CMS administration view before you can add users to them. Go to CMS > Admin > Set Access Rights and add the groups under Administer Groups.

Groups for controlling access to basic parts of the system

Group Provides access to
Administrators All parts of the system, including Administration in Commerce Manager. Usually restricted to developers for implementation and maintenance.
WebAdmins All parts of the editing and administration views in CMS and Commerce. All parts of Commerce Manager except Administration. Usually restricted to very few users.
WebEditors All parts of the CMS edit view except Visitor Groups. Required for all users (if not members of WebAdmins). Additional editing access rights in the CMS page tree is required for CMS content editors (see below).
CatalogManagers All parts of the Catalogs user interface.
CommerceSettingsAdmins The Settings option for adding dictionary property values for Commerce content.
CommerceAdmins All parts of Commerce Manager except Administration, but not the admin view in CMS.

Groups for providing specific access in Commerce Manager

You can use these groups for providing specific access to functionality in Commerce Manager.

Group Provides access to
Management Users All parts of Commerce Manager except Administration.
Order Supervisor Full administration of the order management procedure.
Order Managers Creating returns and exchanges, viewing and editing orders, sending notifications, processing payments and split shipments.
Receiving Manager Viewing shipments and receiving returns.
Shipping Manager Viewing, packing, and completing shipments.

In addition to these pre-defined groups, you can also use permissions for functions to set up customized access rights to functions in Commerce Manager, see below for more information.

Controlling user access for Commerce functions

You can manage access to Commerce functions on a very detailed level. A standard installation of Episerver Commerce has a set of predefined commerce-specific roles. By assigning these roles to users or user groups, you provide them with access rights to perform different tasks such as editing orders or deleting catalogs.

In the CMS admin view, go to Config > Security > Permissions for Functions, select a function and assign users or groups as desired.

See Permission for functions infor information.

Controlling access to the content structure

The WebEditors group provides access to the editing view only, so you also must grant editing access in the content structure to users who edit content in CMS. You can do this by creating "structure groups". For example, you can create a Site_Editors group with editing permission in the entire tree structure, and Product_Editors or News_Editors groups with limited editing access to selected parts of the tree. Define access rights for the groups in the page tree, and then add users to the groups as appropriate.

See access rights infor information about working with access rights in Episerver.

back to top

Episerver User Guide update 16-1 | Released: 2/16/2016 | Copyright © Episerver AB | Send feedback to us