Tips & Tricks: Smartstore Permissions System in Practice
Friday, February 12, 2021

The Smartstore 4 release brought many changes "under the hood", including in the area of user roles and user rights. The permission system is included starting with the Community Edition.

The new permission system: detailed and hierarchical permission management.

Up to and including Smartstore version 3, access rights were selected or deselected in a list for each customer group.

The new visual access rights editor in Smartstore 4 simplifies the assignment and control of permissions. A hierarchical tree view makes it easier to review and edit access rights.

First and foremost, however, the focus here is on administration rights, i.e. access rights for store employees, which are now broken down in fine detail and displayed in a visually clear manner.

Good to know: the Smartstore store system does not separate store customers from store employees. All these people are included in one list, the "Customers" list. Their access rights are organized by the "customer groups" to which they are assigned. A "Customer" is always assigned to at least one of the customer groups "Guests" or "Registered".

Over 280 access rights

Significantly more access rights allow permissions to be assigned very precisely. Even in the Community Edition, there are over 280 different access rights covering all areas of the store administration, such as the product catalog, content management, orders and the shopping cart. These fine-grained access rights make it possible, for example, to grant selected customer groups read rights but deny them write rights.

Freshly installed plugins sometimes bring their own access rights, such as the open-source "Web API" plugin. Store operators can also conveniently manage these plugin access rights using the Smartstore 4 access rights editor.

The editor supports inheritance to allow or deny entire permission ranges with one click. This saves the store administrator a lot of time, because the subordinate rights inherit the setting automatically. In the visual editor, "inherited" access rights are marked with a light red or light green bordered selection field, and when hovering over it with the mouse pointer, a corresponding hint text appears: Denied (inherited) or Allowed (inherited). Inheritance can be prevented by explicitly clicking a single right and thus always allowing or denying it.

All access rights of a customer (or employee) are visible on their customer edit page. In Smartstore 4, access rights are still not managed per individual customer, but indirectly via customer groups. To change an individual customer's rights, the store administrator assigns the customer to the corresponding customer groups or removes them from those groups.

Good to know: A customer can be assigned to multiple customer groups at the same time. Their access rights expand with each newly assigned customer group, and this is clearly displayed in their access rights view. A good control option!
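The inheritance and multi-group behaviour described above can be modelled in a few lines to audit what a given combination of customer groups actually grants. This is an added illustration, not Smartstore code: the permission paths below the top level, the sample group settings and the deny-by-default rule for permissions with no explicit ancestor are assumptions.

```python
# Added illustration: a minimal model of the behaviour described above,
# not Smartstore's implementation. Child paths such as "Orders/Edit" and
# the sample settings are constructed for the example.

ALLOW, DENY = "Allowed", "Denied"

def resolve(group_settings, path):
    """Return (state, inherited) for one permission in one customer group.

    group_settings maps a permission path to an explicit ALLOW or DENY.
    A permission without an explicit setting takes the setting of its
    nearest ancestor; with no explicit ancestor it is denied (assumption).
    """
    parts = path.split("/")
    for depth in range(len(parts), 0, -1):
        key = "/".join(parts[:depth])
        if key in group_settings:
            return group_settings[key], depth < len(parts)
    return DENY, True

def label(group_settings, path):
    """Hint text in the style of the editor, e.g. 'Denied (inherited)'."""
    state, inherited = resolve(group_settings, path)
    return f"{state} (inherited)" if inherited else state

def effective(customer_groups, groups, path):
    """A customer holds a right if at least one of their groups allows it."""
    return any(resolve(groups[g], path)[0] == ALLOW for g in customer_groups)

# Constructed sample configuration: one explicit setting per area, plus a
# single explicit deny that stops inheritance for one child right.
GROUPS = {
    "Registered": {"Catalog": ALLOW, "Shopping cart": ALLOW},
    "Order processing": {"Orders": ALLOW, "Orders/Delete": DENY},
    "Assortment maintenance": {"Products": ALLOW},
}

def audit(customer_groups, paths):
    """List the permissions a customer effectively holds."""
    return [p for p in paths if effective(customer_groups, GROUPS, p)]
```

Running `audit` over every permission path for each employee is a quick way to confirm that adding someone to a second group did not grant more than intended.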

Here are some usage scenarios:

1. B2B store with prices only after registration

Wholesalers or manufacturers do not want to disclose their price structures to the general public. They can therefore set up a Smartstore store so that customers must first register before they can see prices. Under German law, this is not permissible for transactions with end consumers, but it is permissible for sales between companies (business-to-business, or B2B for short).

This is how it is implemented: the access right Catalog -> show prices is removed from the system customer group Guests. By default it is set.

2. Online catalog

Imagine a retail store that presents its range on an extended web page. Shipping is not possible, and pickup via Click&Collect is not desired or useful, for example for difficult-to-transport or perishable goods, or for products that are only made on demand and are highly customized anyway, such as organic vegetables in a farm store or portraits from an artist's gallery.

What is wanted, then, is the store as a pure product catalog in which nothing can be ordered online. However, the prices are to be displayed. The wish list and item comparison features should also remain available, so that customers can prepare their purchase well or send their wish list to themselves and others.

This is how it is implemented: the access right Shopping cart -> Access shopping cart is removed from the system customer group Guests. By default, it is set.

3. Employees with task areas

Often there are several employees working in a company. The company is growing and not everyone should be able to do everything in the store. Thus, employee A should mainly process the orders, colleague B should maintain the articles and merchandise categories, an external freelancer should take care of the store system forums and the integrated blog, and the boss C should have full access to everything. All employees should be able to shop in the store with a 20% staff discount.

How to implement: create one customer group per task area. Restrict the rights in the customer groups as follows. Assign the people their corresponding customer group.

| Person | Additional customer group | Access rights and other settings |
| --- | --- | --- |
| Employee A | Create "Order processing" | Allow Orders and set all subordinate permissions in Orders to Inherit |
| Colleague B | Create "Assortment maintenance" | Allow Products and set all child permissions in Products to Inherit |
| External | Create "Public relations" | In CMS, allow the three permissions News, Blogs, Forums and leave all subordinate permissions therein at Inherit |
| Chief C | Assign "Administrators" | All access rights are already set by default in the Administrators group (a default system customer group) |
| All employees | Create "Staff" | Same permissions as all registered customers; additionally, under Marketing > Discount, restrict a 20% discount to customer group Staff with a shopping cart rule |

More rights for everyone

All these features are directly available in every Smartstore edition. Even starting with the open-source community edition, you can customize your store project to your needs with individual access rights. In addition, you can extend Smartstore with your own plugins and simply link access rights for them into the rights system. Discover the new possibilities for your store project in Smartstore 4.
