Users and Groups
Manage access rights for users and groups.
Last updated
Was this helpful?
Manage access rights for users and groups.
Last updated
Was this helpful?
The Users and Groups module allows you to manage the data of all the users and groups that belong to your tenant. To authorize the users in the system, add them to the tenant and create relevant user groups with sets of access rights. Then, link the users with the user groups to make the access rights work.
The Management Dashboard views are dependent on the user's permissions. If you don't see a particular node, or section described in the Emporix documentation, or are not able to modify an entity, it might mean you don't have sufficient permissions set. Contact the administrator if you need additional access.
User - an employee using the Emporix Management Dashboard.
User Group - a group of users that share some common characteristics, like performing similar job. User group defines access controls for the users.
Role - a combination of predefined permissions that allow users to perform some actions on resources within the system. You can apply a role to a user group.
Permission - a mechanism for limiting what actions a user belonging to a role can perform on specific resources.
Access controls - a combination of roles and resources. For example, a user with a manage access control on product resources can view, create, delete, and edit product entities.
Resource or Entity - the object type within the Emporix Management Dashboard.
Action - the ability to perform an action on entities of specific type.
You can filter or sort the users list by first name, last name, email address, department or status.
The are two status types:
The Green dot shows the user is active
The Grey dot shows that the user was added and provisioned, but has not registered their account yet
In the Administration module, go to Users and Groups.
Go to the Users tab and choose the Create New User.
Provide all the requested information. All fields are mandatory.
After you provide the user’s details, choose Save to add your new user to the users list straight away.
If at any point you decide to stop adding the new user, you can use the Discard option. It clears all the fields and removes the data you’ve entered for the user.
You can filter and sort groups by the group name.
In the Administration module, go to Users and Groups.
Go to the Groups tab and click the Create New Group.
In General section, provide the group's ID, name and description.
Only the Group Name is mandatory for a user group creation. You can decide to edit other details later. You can also set up a custom user group ID in the Id field. Otherwise, a unique ID is automatically generated when the group is created.
Optionally, choose the Role for the group, you can select between:
Standard role for Management Dashboard users: Viewer, Manager, or Admin.
One of the Templates for Manager roles with specific access rights.
In the case when you have both Commerce Engine and OE setup in your tenant, firstly choose which product you want to define the group for. The available options for roles and permissions depend on this choice.
Based on your choice of Role, you can see that the access controls in Management Dashboard Settings section get selected automatically.
Set up the group access rights in the Management Dashboard Settings section:
read access selected - a user is able to see entities of a specific type
manage access selected - a user is able to see, edit, create, and delete entities of a specific type
none selected - a user is not able to see entities of a specific type
Use the checkboxes to define the access rights only for the particular types the group is supposed to have access to. If a group is not supposed to manage or even see a particular entity in the Management Dashboard, don't select any permission.
Selecting manage automatically deselects view access and the other way round. To disable existing access rights for an entity, uncheck the checkbox.
Confirm with Save.
Setting permissions
There are some resource types within CE that you access through other resources only and that don't have a separate view in the Management Dashboard, for example media, or payment gateway. Access to such resources depends on the permissions defined for the parent entity. For example, if you have read access to products, you get read access to media.
There are also resources that do have a separate view in the Management Dashboard but you also access them through other entities, for example categories in products. Access to such resources depends on the permissions you define at a group level for the particular resource. For example, if a group has manage access for products and read access for categories, the users are able to edit products, but not the categories within products. Or, if a group has manage access to products but no access to categories, the users don't have permission to see categories assigned to products. In that case, the users see No permissions message on a particular field.
To allow a user to work within the tenant, assign the user to a user group with a set of specific access rights. You can do it in two ways: from the user perspective and from the user group perspective.
In the Administration module, go to Users and Groups -> Users.
To open the edit mode, select the relevant user row.
Go to the Access tab and select the relevant user group.
Save your changes.
In the Administration module, go to Users and Groups -> Groups.
Find the group you want to add members to and choose Add members icon.
Select the users to add, you can search by first name, last name, email or department. Confirm with Add members.
In the Administration module, go to Users and Groups -> Groups.
To open the edit mode, select the relevant group.
Go to the Members tab and choose Add User. Select the users that you want to add to the group, you can search by first name, last name, email or department.
You can choose from the predefined roles for a user group or define manually the relevant access controls. Note that manage access control contains read, create, edit, and delete actions.\
Viewer
Manager
Administrator
Catalog Manager
Pricing Manager
Order Fulfillment Manager
Compare role templates
Customer Management
Companies
Read
Manage
Manage
✗
✗
✗
Customer
Read
Manage
Manage
✗
✗
Read
Coupons
Read
Manage
Manage
✗
✗
✗
Quotes
Quotes
Read
Manage
Manage
✗
✗
✗
Status Quotes
Read
Manage
Manage
✗
✗
✗
Orders
Orders
Read
Manage
Manage
✗
✗
Manage
SEPA
Read
Manage
Manage
✗
✗
Manage
Returns
Read
Manage
Manage
✗
✗
Manage
Catalogs
Catalogs
Read
Manage
Manage
Manage
Read
✗
Categories
Read
Manage
Manage
Manage
Read
✗
Products
Products
Read
Manage
Manage
Manage
Manage
✗
Product Templates
Read
Manage
Manage
Manage
Read
✗
Labels
Read
Manage
Manage
Manage
✗
✗
Suppliers
Read
Manage
Manage
Manage
✗
✗
Brands
Read
Manage
Manage
Manage
✗
✗
Pricing
Price Models
Read
Manage
Manage
✗
Manage
✗
Price Lists
Read
Manage
Manage
✗
Manage
✗
Settings
Sites
Read
Manage
Manage
✗
✗
Read
Delivery Methods
Read
Manage
Manage
✗
✗
✗
Delivery Times
Read
Manage
Manage
✗
✗
✗
Units
Read
Manage
Manage
✗
Manage
✗
Tax
Read
Manage
Manage
✗
Manage
✗
Countries
Read
Manage
Manage
✗
Manage
✗
Currencies
Read
Manage
Manage
✗
Manage
✗
Languages
Read
Manage
Manage
✗
✗
✗
System Preferences
Read
Manage
Manage
✗
✗
✗
Mixin Schemas
Read
Manage
Manage
✗
✗
✗
Extensions
e.g. site settings
Read
Manage
Manage
✗
✗
✗
Administration
Users and Groups
Read
Read
Manage
✗
Read
✗
Webhooks
Read
Manage
Manage
Manage
✗
✗
Extensions
Read
Read
Manage
✗
✗
✗
As particular resources have references to other resources, you need to take that into account when setting the relevant access controls for the groups you create. We've prepared a matrix of possible functions in a company and expected permissions in Management Dashboard. You might use it as a baseline for managing permissions for particular groups.
Example
You want to create a user group responsible for managing quotes in the system. Therefore, you select manage access control for quotes resources, however that might not be enough. Most probably, you also have to select at least read access control for companies resources, and you'd also need manage access for products so that the group members are able to manage price resources (which they access through products). Without these additional read and manage access, the users are not able to view the relevant resources that are related in one way or another to quotes, and are not able to process quotes accordingly.
The manage permission for a particular entity also gives a possibility for a user to configure the table columns for the list view by using the orchestration icon. They can adjust which columns are visible and which are hidden for the particular resource view in Management Dashboard that they have manage right to.
Take a look at the matrix to see what to take into account.
For more information, see .
For more information, see .
For more information about the access controls, see the tutorial related to the Emporix API IAM Service.
