How to restrict administrator permissions?

I would like to define exact permissions per administrator group. I have designers, skin programmers, addon developers, content managers, shipping dept, active in the same system and I want to prevent issues by restricting their permissions to:[list]

[]the store they need to have access to.

[
]the settings and actions they need to have access to.

[/list]

I see that its possible to add a new usergroup, but this seems different from account types(administrator/customer).

I have created usergroups for:[list=1]

[]skin programmers per store

[
]addon developers

[]content managers

[
]shipping dept

[/list]

How do I add a user to one of these usergroups? When I edit a user account I only see that I can change the account type to customer/administrator.

As the administrator user, create new Administrator user groups for each group as Type: Administrator (Customers > User Groups > Add User Group)



Skin Programmers (Administrator)

Addon Developers (Administrator)

Content Managers (Administrator)

Shipping Department (Administrator)



Once you have created these, in Customers>User Groups, click the Edit link for each User Group, then the Privileges tab. Here, you can specify which privileges each account type will have.



On the Share tab, you then specify which store(s) the user group has access to. If you have 2 groups of people to do the same task on each site, you will need to create another user group for each site specifying only the one site on the Share tab, otherwise add all the relevent sites on the Share tab.



Then, via Customers > Administrators, create new accounts for all of your administrators user accounts.



Click the Edit link next to each Administrators user account and set the relevent Status for each user group. EG. 'Robert Smith' will be in the 'Skin Developers' Group, with Declined status for all other user groups.



Repeat for each administrator user.

Note that only the primary admin of a store can assign users to groups and edit group admin permissions. I.e. user_id == 1.

[quote name='StellarBytes' timestamp='1358464808' post='153071']

As the administrator user, create new Administrator user groups for each group as Type: Administrator (Customers > User Groups > Add User Group)



Skin Programmers (Administrator)

Addon Developers (Administrator)

Content Managers (Administrator)

Shipping Department (Administrator)



Once you have created these, in Customers>User Groups, click the Edit link for each User Group, then the Privileges tab. Here, you can specify which privileges each account type will have.



On the Share tab, you then specify which store(s) the user group has access to. If you have 2 groups of people to do the same task on each site, you will need to create another user group for each site specifying only the one site on the Share tab, otherwise add all the relevent sites on the Share tab.



Then, via Customers > Administrators, create new accounts for all of your administrators user accounts.

[/quote]

Done.


[quote name='StellarBytes' timestamp='1358464808' post='153071']

Click the Edit link next to each Administrators user account and set the relevent Status for each user group. EG. 'Robert Smith' will be in the 'Skin Developers' Group, with Declined status for all other user groups.

[/quote]

This is where it goes wrong. If I edit an administrator account then I see no possibility to set the relevant status. See: http://awesomescreenshot.com/03ftk3k41


[quote name='tbirnseth' timestamp='1358480111' post='153078']

Note that only the primary admin of a store can assign users to groups and edit group admin permissions. I.e. user_id == 1.

[/quote]

I am the primary admin and have userid 1

(I have changed this following your advise)

The problem that I am encountering is that I can not assign a user to a usergroup.

There is no usergroup tab In admin > all stores > customers > users > edit user

The strange thing is that accounts with a 'customer' status do have a 'usergroup' tab, but that is empty without a function to assign usergroups. As soon as I change the account to 'administrator' the usergroup tab disappears.

The user who is modifying the other user must have “is_root” set to 'Y' in the DB. In Ultimate, there are several convoluted conditions that determines whether the current admin user can assign another user to an admin user group. You may want to try changing to the context of the company versus the all_stores, etc.

You assign Administrators User Groups via Customers>Administrators>'Edit' Administrator User Account Link>User Groups tab.



If the User Group tab does not appear, check under Customers>User Groups that at least 2 user groups of Type: Administrators are 'Active'. In saying that, the User Group shows up for me with only 1 Administrator user group enabled.



Update:

[quote name='tbirnseth' timestamp='1359497146' post='153963']

The user who is modifying the other user must have “is_root” set to 'Y' in the DB. In Ultimate, there are several convoluted conditions that determines whether the current admin user can assign another user to an admin user group. You may want to try changing to the context of the company versus the all_stores, etc.

[/quote]

Yep, this is another one of those silly places where 'is_root' = Y has to be set to create user groups. This always catches me out and yet I don't really see the need for it. It's true User Groups tab won't be displayed unless 'is_root' = Y. So, in this case, you'll need to be 'All Stores' user as opposed to a 'Stores' user.

Double post, fail.

[quote name='tbirnseth' timestamp='1359497146' post='153963']

The user who is modifying the other user must have “is_root” set to 'Y' in the DB.

[/quote]

That was indeed the culprit. Now it works. Many thanks to both of you.

Same problem here, using cscart multi vendor v. 4.0.3



Change admin with user_id “1” to is_root “Y”



Created new admin user groups.



Created 2 administrator



Cannot find tab user group when editing admins, only “genral” and “Api Acess”.



Did someone managed to find another solution ?

Ok, I managed to resolve my problem.



I change the value is_root “Y” in the wrong database. :neutral:



Thanks anyway, it’s working.