Important

You are browsing documentation for version 5.0 of OroCommerce. Support of this version ended in January 2025. Read the documentation for version 6.1 (the latest LTS version) to get up-to-date information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

Security

OroSecurityBundle extends Symfony security capabilities to enable a role-based ACL security system in the Oro applications.

The bundle enables developers to set up access restrictions for entities and non-entity-related actions using the DOC-block annotations and the YAML configuration files. It also provides UI for application administrators to configure the entity-specific permissions for particular user roles based on entity ownership.

Read more in the following topics below:

• Introduction to Security in Oro Applications

  • Access Control Lists

  • Permissions for Entities

  • Protecting Resources

• Access Levels and Ownership Illustration

• OroSecurityBundle Features

  • ACL Manager

  • Field ACL

  • Custom Listeners

  • Access Rules

• Custom and Configurable Permissions

  • How to Configure and Apply Custom Permissions to an Entity

  • How to Work with Configurable Permissions