User administration

In the User administration you can create new backend users and manage access permissions to areas, modules and plugins in accordance with certain group policies that you define per acl (access control List). Within the acls you have the possibility to control precisely which user is able to perform which activity. It's also possible to assign certain read permissions to a user/group without granting them permission to edit or delete.

In case you are using plugins without acl support and not every user should access the menu items of the plugin, we have created a tutorial for hiding those menu items.


In the overview of the user administration you will find three tabs at the top, the user management, the roles and the resources & permissions.

At the bottom, after opening the module, you will find all the users that have already been created as well as the current assignment of the users to the user groups. Here you are already in the menu item "User management".

Adding a user

Using Add user you can add a new user, here you have to enter information like the username, email address, password and also the full name, default language and the assignment to a user group (role). This data can be changed anytime. If you miss required fields, they will show up by a red underline. Also take care of a sufficient complex and long password.

  • Login (1): Here you have to provide the username and the password, you can also activate or deactivate the user here.
  • API access (2): If you activate the API access, the key will prefilled with a random one. If you still have a key for this user, just enter it here.
  • Main data (3): Here you can enter the full name of the user, his email address and the default language for the backend. Additionally, you assign the user to a role, just choose one from the dropdown. If the desired role is missing, just enter another one, create your role and finally assign the user to the desired role.
  • Individual user options (4): Here you can enable the advanced editor for this user. You can also enable or disable the backend cache for development.

Creating user groups

By clicking the menu item Roles you can see all created roles and also create new ones.


To create a new role, just click Add role, now a new line will appear in the overview. Now you can enter the name and description of this role and also activate / deactivate the role and set this role as an administrator role. Then click Update to save your entries. Now you can edit the permissions of this role and assign users to it.

Configuring role permissions

Via the menu item Resources and permissions you define the permissions of each role. Here you can add new resources and grant permissions for all resources. The resources are displayed in a tree structure, so you can open each resource by clicking the plus icon (1).

First select the role you want to edit by using the dropdown in the upper left of the area.

In each resource you can set the permissions to CREATE, READ, UPDATE and DELETE. Depending on what module you are editing, there may are more or less actions available. Now choose the permissions you want to grant for the selected role.

Save your changes by clicking Assign the selected privileges to the selected role (2) in the upper middle. The set permissions will work immediately.

Password Validation

Every action in the user management module, except reading, a password prompt will popup, this makes sure, that nobody make changes in this module, who is not the owner of the logged in backend user.

  • Create/Delete/Update a user
  • Create/Delete/Update a role
  • Create/Delete Privileges
  • Create/Delete Resources
  • Save Rules/Permissions relations
  • The operation should only continue, if the given password of the current user is valid.

Default resources

RessourceModule / function
analyticsMarketing > Analysis > Analysis
articleItems > Create
articlelistItems > Overview
attributesConfiguration > Free text field management
bannerMarketing > Banners
blogContent > Blog
canceledorderMarketing > Analysis > Cancellation analysis
categoryItems > Categories
configConfiguration > Basic settings
contenttypemanagerConfiguration > Content Types
customerCustomers > Customers
customerstreamCustomers > Customer Streams
debug_testUnitTests (only relevant for development)
emotionMarketing > Shopping Worlds
formContent > Forms
logConfiguration > Logfile
mailConfiguration > Email templates
mediamanagerContent > Media Manager
newslettermanagerMarketing > Newsletter Manager
notificationMarketing > Analysis > Email notification
orderCustomers > Orders
overviewMarketing > Analysis > Statistical overview
partnerMarketing > Affiliate program
paymentConfiguration > Payment methods
performanceConfiguration > Cache / Performance
pluginmanagerConfiguration > Plugin Manager
premiumMarketing > Premium items
productfeedMarketing > Item export
riskmanagementConfiguration > Risk management
shippingConfiguration > Shipping costs
siteContent > Shop pages
snippetConfiguration > Snippets
supplierItems > Manufacturers
swagimportexportContent > Import / export
swagupdate? > Software update
systeminfoConfiguration > System info
themeConfiguration > Theme Manager
usermanagerConfiguration > User administration
voteItems > Customer reviews
voucherMarketing > Vouchers
widgetsBackend widgets

Some functions have dependencies. For example: You want to assign permissions only for editing articles. The article module depends on the supplier (manufacturer), category (categories) as well as the media manager when the article is called. To grant permissions for editing articles, you need to grant READ permissions also for supplier, category and media manager, otherwise the module won't work properly.


If the roles from the examples below should appear in the backend log, you have to grant also permissions for the resource log.


Users must have administrative access in order to read the category modules. These additional permissions have to be set:



If a user should get full access to the category module, he must also have permissions for the articles and the media manager. The following permissions must be set:



If a user should get full access to the customer administration, he must also receive READ permissions for certain basic permissions. The following permissions must be set:

mediamanager > read
emotion > read
ticket > read (if you use the ticket system)
customerstream > read
customerstream > search_index
customerstream > charts


If a user should get read-access to the customer module. These additional permissions are needed:

customer > read
order > create
order > read
order > update
order > delete 
order > deleteDocument   
supplier > read 


If a user should be able to create, edit or delete shopping worlds, he has to get read permissions for articles, supplier, blog and categories. Also full access to the media manager must be granted. You have to set the following permissions:

article > read
blog > read
catgory > read
emotion > create
emotion > delete
emotion > read
emotion > update
mediamanager > create
mediamanager > delete
mediamanager > read
mediamanager > update
mediamanager > upload
supplier > read

Adding user actions to the Shopware log

Interactions of users are written in the Shopware log only if the log permission is granted.

log > read
log > system

Ticketsystem (Plugin)

customer > update
customer > read
customer > detail
usermanager > read
usermanager > update
widgets > swag-ticket-system
ticket > create
ticket > read
ticket > update
ticket > delete
ticket > configure
mediamanager > read


premium > read
riskmanagement > save
riskmanagement > read
riskmanagement > delete
config > create
config > read
config > update
config > delete


overview > read
analytics > read

Was this article helpful?