You are browsing the documentation for version 4.1 of OroCommerce, OroCRM and OroPlatform, which is no longer maintained. Security Support ends in January 2023. Read version 5.0 (the latest LTS version) of the Oro documentation to get the updated information.
See our Release Process documentation for more information on the currently supported and upcoming releases.
Customer Permissions Concept Guide
Customer user roles have predefined sets of permissions and access levels. Roles are designed to give their owners a particular area of responsibility which defines what users can and cannot do within the website. Usually, roles are created based on the job responsibilities of specific users: a sales manager, a marketing team member, or an administrator. It is possible to create as many roles as required and configure them according to the needs of your company.
A role has the following types of permissions:
- System capabilities
- Entity-level permissions
- Workflow permissions
Each permission can be assigned a certain access level (Corporate, Department, User, None, etc). In Oro applications, access levels for customer user roles are similar to the back-office user roles, but, conceptually, they are not the same. More details on the permissions and access granted to the back-office users are described in the Roles and Permissions topic.
Access levels for storefront user roles
Access levels for back-office user roles
To illustrate all four access levels that can be defined for any user role in the storefront, let’s use the example of a Company A that has 2 departments: West and East. The West department has an LA subdivision. A selected customer user belongs to the West department.
In this case:
The Corporate access level grants full access within the customer, its child customers, and subsidiary departments.
The Department access level enables a customer user to manage the records created by other company users who belong to the same department. In this case, the user from the mentioned example won’t see any records created by other departments’ users as they are eligible for the department access only.
The User level gives access only to a customer user’s own records.
None gives no access to any records. This data is disabled for the customer user.
Note that neither Department nor Corporate access grants access to the departments that are higher in the organization hierarchy.
With all these access levels and capabilities, you can easily configure any role permission that is required for your business.