In the User administration you can create new backend users and manage access permissions to areas, modules and plugins according to group policies that you define via ACLs (access control lists). Within the ACLs you can control precisely which user is able to perform which activity. It is also possible to assign read permissions to a user or group without granting permission to edit or delete.
If you are using plugins without ACL support and not every user should have access to the plugin's menu items, we have created a tutorial for hiding those menu items.
The module has a menu on the left-hand side containing "List of users", "List of roles" and "Edit roles & permissions".
After opening the module you see the existing users, grouped by their roles, on the right-hand side. You are now in the menu item "List of users".
Using Add user you can add a new user. Here you have to enter information such as the username, email address, password, full name, default language and the assignment to a user group (role). This data can be changed at any time. If you miss required fields, they are marked with a red underline. Also make sure the password is sufficiently long and complex.
By clicking the menu item List of roles you can see all created roles and also create new ones.
To create a new role, click Add role; a new line will appear in the overview. There you can enter the name and description of the role, activate or deactivate it, and set it as an administrator role. Then click Update to save your entries. Now you can edit the permissions of this role and assign users to it.
Via the menu item Edit rules and permissions you define the permissions of each role. Here you can add new resources and grant permissions for all resources. The resources are displayed in a tree structure, so you can open each resource by clicking the plus icon (1).
First select the role you want to edit by using the dropdown in the upper left of the area.
For each resource you can set the permissions CREATE, READ, UPDATE and DELETE. Depending on which module you are editing, more or fewer actions may be available. Now choose the permissions you want to grant to the selected role.
Save your changes by clicking Assign the selected privileges to the selected role in the upper middle. The permissions take effect immediately.
For every action in the user management module except reading, a password prompt pops up. This makes sure that nobody other than the owner of the logged-in backend user can make changes in this module.
|Resource||Module / function|
|analytics||Marketing > Analysis > Analysis|
|article||Items > Create|
|articlelist||Items > Overview|
|attributes||Configuration > Free text field management|
|banner||Marketing > Banners|
|blog||Content > Blog|
|canceledorder||Marketing > Analysis > Cancellation analysis|
|category||Items > Categories|
|config||Configuration > Basic settings|
|customer||Customers > Customers|
|debug_test||UnitTests (only relevant for development)|
|emotion||Marketing > Shopping Worlds|
|form||Content > Forms|
|importexport||Content > Import / export|
|log||Configuration > Logfile|
|Configuration > Email templates|
|mediamanager||Content > Media Manager|
|newslettermanager||Marketing > Newsletter Manager|
|notification||Marketing > Analysis > Email notification|
|order||Customers > Orders|
|overview||Marketing > Analysis > Statistical overview|
|partner||Marketing > Affiliate program|
|payment||Configuration > Payment methods|
|performance||Configuration > Cache / Performance|
|pluginmanager||Configuration > Plugin Manager|
|premium||Marketing > Premium items|
|productfeed||Marketing > Item export|
|riskmanagement||Configuration > Risk management|
|shipping||Configuration > Shipping costs|
|site||Content > Shop pages|
|snippet||Configuration > Snippets|
|supplier||Items > Manufacturers|
|swagupdate||? > Software update|
|systeminfo||Configuration > System info|
|theme||Configuration > Theme Manager|
|usermanager||Configuration > User administration|
|vote||Items > Customer reviews|
|voucher||Marketing > Vouchers|
Some functions have dependencies. For example: You want to assign permissions only for editing articles. The article module depends on the supplier (manufacturer), category (categories) as well as the mediamanager when the article is called. To grant permissions for editing articles, you need to grant READ permissions also for supplier, category and mediamanager, otherwise the module won't work properly.
If the roles from the examples below should appear in the backend log, you also have to grant permissions for the resource log.
Users must have administrative access in order to read the category modules. These additional permissions have to be set:
category, mediamanager, article, emotion, articlelist
If a user should get full access to the category module, he must also have permissions for the articles and the media manager. The following permissions must be set:
category, article, mediamanager
If a user should get full access to the customer administration, he must also receive READ permissions for certain basic permissions. The following permissions must be set:
customer, mediamanager > read, emotion > read, ticket > read (if you use the ticket system), customerstream > read, customerstream > search_index, customerstream > charts
If a user should get read access to the customer module, these additional permissions are needed:
customer > read, order, order > create, order > read, order > update, order > delete
If a user should be able to create, edit or delete shopping worlds, he has to get read permissions for articles, supplier, blog and categories. Also full access to the media manager must be granted. You have to set the following permissions:
article > read, blog > read, category > read, emotion, emotion > create, emotion > delete, emotion > read, emotion > update, mediamanager, mediamanager > create, mediamanager > delete, mediamanager > read, mediamanager > update, mediamanager > upload, supplier > read
Interactions of users are written in the Shopware log only if the log permission is granted.
log, log > read, log > system
customer, customer > update, customer > read, customer > detail, usermanager, usermanager > read, usermanager > update, widgets, widgets > swag-ticket-system, ticket, ticket > create, ticket > read, ticket > update, ticket > delete, ticket > configure
premium > read, riskmanagement > save, riskmanagement > read, riskmanagement > delete, config, config > create, config > read, config > update, config > delete
overview, overview > read, analytics, analytics > read
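The dependencies described above for articles, the customer administration and shopping worlds, together with the note on the log resource, can be checked for a planned role before it is saved. The following Python code is an added example, not Shopware code: the `resource>privilege` string format, the function names and the sample role are assumptions of this example, and it treats a dependency as applying once the role holds any privilege other than read on the resource.

```python
# Added example: audit a role's grants against the dependencies listed on this page.
# Grants are written "resource>privilege"; resource names are taken from the page.
REQUIRES = {
    "article": {"supplier>read", "category>read", "mediamanager>read"},
    "customer": {"mediamanager>read", "emotion>read", "customerstream>read",
                 "customerstream>search_index", "customerstream>charts"},
    "emotion": {"article>read", "blog>read", "category>read", "supplier>read",
                "mediamanager>create", "mediamanager>delete", "mediamanager>read",
                "mediamanager>update", "mediamanager>upload"},
}

def parse(grants):
    """Split 'resource>privilege' strings into (resource, privilege) pairs."""
    pairs = set()
    for g in grants:
        resource, sep, privilege = (p.strip() for p in g.partition(">"))
        if not sep or not resource or not privilege:
            raise ValueError(f"malformed grant: {g!r}")
        pairs.add((resource, privilege))
    return pairs

def audit_role(grants):
    """Return (missing, logged): missing dependency grants per resource, and
    whether the role holds any privilege on the log resource."""
    pairs = parse(grants)
    held = {f"{r}>{p}" for r, p in pairs}
    missing = {}
    for resource, needed in REQUIRES.items():
        # Assumption of this example: a rule applies once the role holds any
        # privilege other than read on the resource (edit / full access).
        if any(r == resource and p != "read" for r, p in pairs):
            gap = sorted(needed - held)
            if gap:
                missing[resource] = gap
    logged = any(r == "log" for r, _ in pairs)
    return missing, logged

# Constructed sample role: may edit articles and shopping worlds.
EDITOR = ["article > read", "article > update", "supplier > read",
          "category > read", "emotion > read", "emotion > update",
          "mediamanager > read", "blog > read"]

if __name__ == "__main__":
    missing, logged = audit_role(EDITOR)
    for resource, gap in missing.items():
        print(f"{resource}: missing {', '.join(gap)}")
    print("written to backend log:", logged)
```

For the sample role the audit reports that the shopping worlds grant lacks the media manager write privileges and that the role's actions would not appear in the backend log.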