Every advanced shopping cart should have a Access Control List (ACL) system.
If you are running a big store with many employees, you don’t want all your employees to have full access to your system. Most likely you want to have full access to the system yourself as admin and the others should only have limited access to view orders for instance. You don’t want your new employee to be messing around with your store settings etc. In multistore systems, there should also be a system to limit users to certain stores, so they can’t access all of them.
Every good framework has a system for Access Control Lists, but i can’t see that cs-cart has implemented this yet. Magento has this and even free Opencart has this.
Here is a picture from Magento admin:
Ah, sorry.
Didn't see that.
Is it possible to lock users to certain stores as well?
Not sure as I only run one. It might be possible with user groups.