Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't create a user in the admin section without "Manage Customer Roles" permission #806

davza opened this issue Nov 8, 2015 · 1 comment


Copy link

@davza davza commented Nov 8, 2015

If an "admin" user has got the "Manage Customers" permission, but not the "Manage Customer Roles", they are unable to create a new Customer through the Manage Customer admin section as the system requires a new customer to be either a Guest or a Registered user, which the admin user is not allowed to set.
The problem is that if you give an admin user the "Manage Customer Roles" permission they can assign any role (including Administrator) to any user (including themselves), which will then allow them to do anything in the system.

An easy way to fix this will be to default newly created users to the "Registered User" Role, but I think a nicer way is:

Have some sort of "Customer Role Hierarchy", this could be something simply like a permission number (see below), and only allow users to assign roles lower or equal to theirs. This could also be extended to not allow users (Customers) with a lower role from editing customers with a higher role)
This would also make it easier and safer to give login details to individual store owners.

Guest: 0
Registered: 20
Forum Moderators: 50
"Junior Admin": 60
"Senior Admin": 70
Administrators: 100

Copy link

@SalehBagheri SalehBagheri commented Jun 2, 2016

it's good if:
"Sales Department" only access to "Orders" menu,
"Transport Department" only access to "Shipments" menu,
and "Products Department" only access to "Catalog" menu!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

4 participants