You are browsing documentation for version 5.1 of OroCommerce, supported until March 2026. Read the documentation for version 6.0 (the latest LTS version) to get up-to-date information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

Manage Customer User Roles in the Back-Office 


This section is part of the Customer Permissions concept guide topic that provides a general understanding of permissions and access levels available to customers and customer users in Oro applications.


See a short demo on how to create customer roles in Oro applications, or keep reading the step-by-step guidance below.

In Oro applications, you can view, edit, and create new customer roles to define the level of permissions and access to the actions and data in the storefront for the users of this role.

The following roles are preconfigured and available for every customer by default:

  • Administrator

  • Buyer

  • Non-authenticated Visitors

Each newly created role can be either of a predefined or customizable type. When a role is assigned a particular customer in the role details, it becomes customizable and is available only for this specific customer. If no customer is assigned, the role type becomes predefined enabling any customer to use it.

With the customer user role, you can manage the following access- and permissions-related settings:

  • Role management permission: A customer user may be able to manage their own role in the storefront if Self-Managed option is enabled for this role. Keep in mind that the permissions of the Customer User Role entity must be set as well.

  • Permissions to view workflows and/or perform transitions through the workflow steps.

  • Data access/management permissions and capabilities.

Create a Customer User Role 

To create a new customer user role:

  1. Navigate to Customers > Customer User Roles in the main menu.

  2. Click Create Customer User Role.

  3. In the General section, provide the following details:

    • Name — A human-readable label that identifies a customer user role.

    • Customer — A customer that has exclusive permission to use this role for their customer users. If the value is not provided, the role is available to all customers.

    • Self-Managed — The flag that indicates whether the customer user can manage their own roles configuration in the storefront. Keep in mind that the permissions of the Customer User Role entity must be set as well.

  4. In the Entity section, select the permissions you want to grant to users who will be assigned the role you are creating.

    On the customer user role details page, you can view customer users with this role assigned. If the role is global, this list contains users from all customer accounts.


    Please note that there are two ways to control the capability of a customer user to update their profile details in the storefront. One is defined by the Edit permission for customer users. When set to Same Level/All Levels, editing will become possible under Account > All Users in the storefront. The second one is defined by the Update User Profile capability, which, when enabled, gives the customer user permissions to update details under Account > My Profile in the storefront.

  5. In the Workflows section, specify access levels for workflows and workflow transitions. There are two permissions for workflows, view and perform transitions. By default, all workflow access levels are set to None. Choose the workflow or the transition to which you want to assign different permissions, click on the action name and select the required access level from the list.

  6. In the Customer Users section, select checkboxes in front of the customer users to whom you want to assign this role.

  7. Click Save

View and Filter Customer User Roles 

To view all customer user roles:

Navigate to Customers > Customer User Roles in the main menu.

You can view, edit and filter every item in the Customer User Roles record table (grid):

  • To view, click on the item once (or at the end of the row) to open its details page.

  • To edit, click at the end of the row.

  • To filter, click above the table on your right and specify the query.


Keep in mind that only those customer user roles that have been created in the current organization will be displayed in the Customer User Roles record table (grid) of the current organization.