Received a request from a client who wanted to setup a new role for Guest Services. That role would require the user to view and edit order, view customers, and fulfill payments. In order for the role to see the the store in the admin menu, the permission to set is Administer Store under the uc_store module. With this permission set, the Guest Services role can view and edit order, view customers, fulfill payments, AND has the permission to configure store settings. The support request is to suggest an additional permission setting under the uc_store module for store configuration. This will allow non-admin users to view only, and provide additional security for the site's administrator/owner.

Comments

rszrama’s picture

rszrama commented
Component: Website » Code
Priority: Critical » Normal

Can you be a little more specific about which pages you think this permission should govern? For example, what about reports?

MBroberg’s picture

MBroberg commented

I think that is a case-by-case basis. I need a role that can view orders and customers but not edit or delete them.
They also need to be able to edit products (to change prices, etc) but not delete them or make massive changes to the store and settings.
Limiting a user to have access to only what I want them to do is very tricky and personal for each site. It depends largely on the intelligence and trustworthiness of each user or class of users.

tr’s picture

tr commented
Version: 6.x-2.0-beta2 » 6.x-2.x-dev
Category: support » feature
longwave’s picture

longwave
he/him
Primary language English
Location UK
commented
Status: Active » Closed (won't fix)

The existing permissions are enough; you can just move the orders and customers items out from under the store menu if you don't want to give them "administer store".