Magento is an open source-based ecommerce platform for online businesses. You can think of as a content management system (CMS) for web stores, and it’s a system that we set up for clients who want a powerful and intuitive tool to sell products online.
There’s a lot to know about configuring Magento to meet your needs, and one important aspect of setting up Magento is users and user roles.
In just about any system that involves more than one person managing the content on a site, there is the idea of user permissions. Whether you’re getting a WordPress, Drupal, or Magento site up and running, it’s important to know who is going to be modifying the site content, and what type of access to the system that they need. That is one factor in maintaining a site that is secure.
Each person who works with the content on a Magento site should have an account on the site with specific permissions granted to her. There should be individual accounts (or users), as opposed to shared accounts, to ensure that each individual has access to the system that is specific to what she needs. The specific parts of a Magento site that any user has is determined by user roles.
To recap so far: A user is simply an account (username and password) that someone who manages a Magento site can use to access the administrative interface (or “backend”). A user role is the detailed description of what parts of the Magento site a user can access and change.
Accessing the users and user roles sections in Magento is straightforward. If you have a Magento site, you can log in to your site at an address that looks like yoursite.com/admin/. Once logged in, navigate to System -> Permissions -> Roles, as shown in this screenshot:
Setting up roles before users saves time. Since roles determine what parts of Magento a user has access to, it’s easy to assign users to roles when the roles are already set up.
On the Roles page in Magento, there is an Add New Role button in the top right corner that looks like this:
Clicking on that button takes you to a page that asks you to enter a Role Name. That name should describe the type of user that will have that role. Examples of role names include: Marketers, Shippers, and Web Designers.
After choosing a Role Name, be sure to click on the Role Resources tab on the left side of the page. That is the section where you determine exactly what aspect of Magento a user has access to. It’s a long list of resources! It will take a while to go through the list the first few times you do it, but it’s a crucial step in keeping your site secure. Also, once you set up the user roles, you won’t have to modify that too many times in the future.
When setting up the resources each role has access to, all you have to do is check the box to the left of each Magento resource, and when you’ve gone through the entire list, click the Save Role button in the top right of the page.
Once the roles are set up, users need to be created for each person who needs access to your site. If you’re still logged in to Magento, you can navigate to System -> Permissions -> Users, as shown in this screenshot:
On the Users page, click on the Add New User in the top right of the page to create a user:
Complete all of the fields in the Account Information section (user name, first name, last name, and so on) and make sure the account is marked as Active (which is the default status). While we’re almost done setting up this user, there’s one more step in the process:
The user you are creating needs a user role. On the left side of the New User page, choose User Role from the sidebar menu and select the radio button in the list of Role Names that corresponds to the user role you want the new user to have on the site. In other words, ask yourself: “How much access to my site should this user have?” and choose the user role that best answers that question.
Users and user roles are necessary parts of setting up any site that is going to be managed by more than one person. Creating individual accounts for each person involved with the website, and ensuring each user has the appropriate permissions to your site is a worthwhile step toward having and maintaining an online business that is secure.