ACL – Permission Manager

Objective

As a Venture, I want to manage permissions so that I can add custom roles, adjust roles and resources, and set up new users. Furthermore, I would like to be able to decide which user roles can be created by a different role.

The ACL Manager is a specific user who is able to customize the resources (access levels) for other users. Only one user can act as ACL Manager.

  • The ACL Manager can:
    • create new custom roles specific to every country (not only Venture-based).
    • delete custom roles if no user has the role.
    • assign resources to roles and remove resources from roles.
    • only access Permission Overview and User Setup, nothing else. This means that the ACL Manager can’t be the admin as well, and requires an ACL-specific email address (e.g., [email protected]).
  • Creating new permissions might require development. Please reach out to your dedicated PM for more information.

Create Roles

 

Step Description
1 Go to Administration > Permissions Control
2 Overview of Existing Role > Add new Role

3 To set up new role, choose the following:

  • “Display name”
  • “Group.” (Select a group that identifies the role [e.g., “Venture” or “Seller”])
  • “Can be edited by”: roles who can edit the created user
  • “Description”
4 In the Role Overview, you can see the “Role Name,” “Role Description,” the number of users assigned to this role, and perform some actions:

  • “Resources” (see below)
  • “Edit”: allows you to edit basic information (e.g., name, group, description, etc.).
  • “Delete”: it is possible to delete custom roles unless a user is assigned to that role.
5 Edit role resources:

  • Resources are described with a name, a description, a tag and a status (enabled/disabled)
  • Search can be performed on all columns, including by clicking on tags.

Create User with New Role

Step Description
1 Go to Settings > Manage Users
2 Select “Add User.” New roles will be available in the “Role” dropdown.

Default Roles & Resources

Resources Enabled by Role

Below are the default set of roles and their resources; these apply to all Ventures and countries.

ACL Role Description Resources
ACL Manager  This user is responsible for assigning resources to roles and creating new user roles. login, acl_management
Backend Finance This user is able to set up everything finance-related (e.g., global and Seller commissions, fees, and payouts). login, registration_read, registration_write, products_read, orders_read, reports_read, profile_read, switch_seller_write, settings_read, manager_seller_read, manager_seller_write, finance_read, finance_write, seller_support_read, content_management_read, product_qc_read, promotion_admin_write, promotion_admin_read, promotion_seller_write, promotion_seller_read, orders_return, seller_rating_admin_write, finance_qc, erp_log_write, commission_fees_read, commission_fees_write
Backend Operation  This user is intended to perform order processing via the Global Order Overview. Additionally, this user can switch between the different Sellers as well as update the Sellers’ profiles. login, profile_read, profile_write, switch_seller_write, global_order_overview_read, global_order_overview_write, blocked_order_states_accessible, shipment_information_edit, counterfeit_brand_read
Backend Product QC  This role is intended for multiple purposes. First, the user with this role is able to check the product content and approve/reject the pending quality control products. Second, this user is available to support Sellers with either content creation for their products or fixing issues for products (small updates). Additionally, these users are able to create/update products for all Sellers via CSV imports. login, registration_read, products_read, products_write, orders_read, switch_seller_write, product_qc_read, product_qc_write, promotion_admin_write, promotion_admin_read, promotion_seller_write, promotion_seller_read, orders_return
Backend Read Only

This user role has the same access as an admin user, except that the user can only read the content and is not able to change anything.

This role is intended for management users to be able to get an overview of Seller Center without accidentally changing something.

login,registration_read, products_read, orders_read, reports_read, profile_read, switch_seller_write, settings_read, manager_seller_read, finance_read, seller_support_read, content_management_read, product_qc_read, promotion_seller_read, qc_reject_reasons_read, counterfeit_brand_read, erp_log_write, commission_fees_read
Backend Seller Setup  This user is intended to do all the setup of Seller settings, commissions, and fees. Additionally, this user is able to set up everything in Content Management. login, registration_read, registration_write, products_read, orders_read, reports_read, profile_read, switch_seller_write, settings_read, manager_seller_read, manager_seller_write, finance_read, seller_support_read, seller_support_write, content_management_read, content_management_write, product_qc_read, product_qc_write, promotion_seller_write, promotion_seller_read, orders_return, backend_contracts_upload, counterfeit_brand_read, counterfeit_brand_write, erp_log_write, commission_fees_read, commission_fees_write
Backend Support

This user role is intended to have the same user rights as a Seller user, with the exception that they can switch between different Sellers. Additionally, they have “read” access to the Seller settings, which are configured via the admin/backend setup user.

Furthermore this user is able to use all parts of the Content Management (e.g., CMS blocks, translations, document templates), “Fulfillment by Venture,” and the promotion section.

Otherwise, this user has only “read” access to the other areas of Seller Center.

login, registration_read, registration_write, products_read, products_write, orders_read, orders_write, reports_read, profile_read, profile_write, switch_seller_write, settings_read, manager_seller_read, finance_read, seller_support_read, seller_support_write, content_management_read, content_management_write, product_qc_read, product_qc_write, consignment_read, consignment_write, promotion_admin_write, promotion_admin_read, promotion_seller_write, promotion_seller_read, global_order_overview_read, orders_return, qc_reject_reasons_read, qc_reject_reasons_write, seller_rating_admin_read, attribute_set_read, shipment_information_edit, counterfeit_brand_read, counterfeit_brand_write, erp_log_write, commission_fees_read
Monitoring API Access  This role allows login only to Seller Center or API for monitoring reasons. monitoring_api_read
Seller API Access

This is a subrole to the “Seller Full Access” role. This user can only operate with Seller Center via an API connection.

This role is able to perform product management and order processing via API.

To learn how to use the API, please read this documentation.
api_write
Seller API Order Access This role is a subrole to the “Seller Full Access” role and a subrole to the “Seller API Access” role. A user with this role can only operate with Seller Center via an API connection for order processing. api_order_access
Seller API Product Access This role is a subrole to the “Seller Full Access” role and a subrole to the “Seller API Access” role. A user with this role can only operate with Seller Center via an API connection for product management (creation or update). api_product_access
Seller Catalog Access

This role is a subrole to the “Seller Full Access” role. A user with this role is only able to perform work related to product management. This includes product creation and import (via CSV/XLSX) and update.

Furthermore, this user can decide which email notifications (e.g., for new orders) they want to receive.

login, notifications_write, products_read, products_write, orders_read, promotion_seller_write, promotion_seller_read
Seller Full Access

This role gives access to the entire Seller section of Seller Center. Here, this user can manage their products (in Seller Center directly, via CSV or API) and manage their orders.

This role can also check the account statements or update the profile information, as well as add additional users to the account.

Furthermore, this role can customize document templates to their needs. Additionally, this role is able to decide which email notifications (e.g., for new orders) they want to receive.

login, notifications_write, products_read, products_write, orders_read, orders_write, reports_read, profile_read, profile_write, api_write, consignment_read, consignment_write, promotion_seller_write, promotion_seller_read, orders_return, shipment_information_edit
Seller Order Access

This role is a subrole to the “Seller Full Access” role. A user with this role is only able to perform order processing via Seller Center directly (via CSV import).

Furthermore this user can decide which email notifications (e.g., for new orders) they want to receive.

login, notifications_write, products_read, orders_read, orders_write, orders_return, shipment_information_edit
Seller Stock Update

This role is a subrole to the “Seller Full Access” role. The only action this user can make in Seller Center is stock changes.

Furthermore, this user can decide which email notification (e.g., for new orders) they want to receive.

login, products_read, stock_write
User during login  This role refers to a user who has passed login but still needs to fulfill a two-factor authentication. login_two_factor
Developer Developer on Venture or Seller-side with access to relevant API and authentication features that are located under “Integration Management.” login, integration_management, manage_developer_apps

Resources Details

The available resources for all Ventures and countries are listed below:

Resource ID Resource label  Tag Description
acl_management ACL Management Roles and user management.
admin_only Admin menu access “settings” Full access except Seller notification and configuration, maintenance area, product, and order API.
api_explorer_access API Explorer Access “api” Enables API Explorer in section Integration Management.
api_order_access Frontend API Order access “api”, “order” Order processing via API.
api_product_access Frontend API Product access “api”, “product” Product administration via API.
api_write Frontend API write “api”, “product”, “order” Full access to API.
attribute_set_read Attribute set read “settings” “Read only” access to attributes.
attribute_set_write Attribute set write “settings” “Write” access to attributes. Must be provided together with “read” access.
backend_communication_read Unified Communication Center – read permissions Gives user the read access to Content Management (News), Survey Manager and Tag Manager
backend_communication_write Unified Communication Center – write permissions Gives user the write access to Content Management (News), Survey Manager and Tag Manager
backend_contracts_upload Backend upload of econtracts Gives access to the upload functionality for e-contracts in the Seller settings.
blocked_order_states_accessible Blocked Order States Accessible “order”, “seller” This role has access to the order statuses being blocked for the shipping provider based on the admin configuration.
commission_fees_read Commission Fees Read “commission fees” “Read only” access to commission fees.
commission_fees_write Commission Fees Write “commission fees” “Edit” access to commission fees.
consignment_read Fulfillment by Venture read “order”, “consignment” “Read only” access to consignment.
consignment_write Fulfillment by Venture write “order”, “consignment” “Write” access to consignment. Must be provided together with “read” access.
content_management_read Backend content management read “cms”, “settings” “Read only” access to the content, translations, documents templates, and management.
content_management_write Backend content management write “cms”, “settings” “Write” access to content management. Must be provided together with “read” access.
erp_log ERP Log Full Access “erp” ERP Log Full Access. Works with the Navision integration feature.
finance_qc Backend finance QC “finance”, “qc” Gives access to the finance quality control (review, reject or approve transactions).
finance_read Backend finance read “finance” “Read only” access to financial data (transactions fees).
finance_write Backend finance write “finance” “Write” access to financial data (transactions fees). Must be provided together with “read” access.
global_3rd_party_developer_apps_access Access to page 3rd Party Integration “api” Allows ventures to register OAUTH apps and call REST API as admins.
 global_product_read Frontend Global Product Overview Write “product” Gives “read only” access to the global product list.
 global_product_write  Frontend Global Product Overview Read “product”  Gives “write” access to the global product list. Must be provided together with “read” access.
global_order_overview_read Backend Dispatcher Read “order” Gives “read only” access to the global order list.
global_order_overview_write Backend Dispatcher Write “order” Gives “write” access to the global order list. Must be provided together with “read” access.
integration_management_access Integration Management Access “api” Access to section Integration Management
login Frontend login Enables user to login in front-end.
logistics_items_events_read Logistics Items Events Read  “logistics items events” Provides read only access to Logistics Items Events (feature in roll-out)
logistics_items_events_write  Logistics Items Events Write “logistics items events” Provides write access to Logistics Items Events (feature in roll-out)
manager_seller_read Backend manager Seller read “seller” “Read only” access to Seller information.
manager_seller_write Backend manager Seller write “seller” Enables user to update commissions, set up delivery/shipping settings, Seller settings, administer fees, perform Seller (un)deletion/ activation/approval/rejection, import, and set Seller profile requirements. “Read only” access must be enabled as well.
master_read Master Products Management read “product” “Read only” access to master products
master_write Master Products Management write “product” “Write” access to master products. “Read only” access must be enabled as well.
monitoring_api_read Monitoring API Read “api” Monitoring access.
non_editableproductattributes_write Non-Editable Product Attributes Write “user”, “product”, “attributes”, “settings” Allows the user to edit Non-Editable Product Attributes.
notifications_write Frontend Notifications Write Access to Seller notification area.
oauth_developer_apps_access Access to OAuth Applications “api” Gives the access to OAuth Applications page. Seller needs to register an application there to fulfill the authentication flow of the REST API.
orders_read Frontend Order read “order” Gives “read only” access to the Seller order list.
orders_return Frontend Order Returns “order” Gives full access to order returns management.
orders_write Frontend Order write “order” “Write” access to the order comments, reviews, order imports; order manipulation (status, tracking data etc). “Read only” access must be enabled as well.
product_mass_imageuploadadvanced  Advanced Product Mass Image Upload “product”, “images”, “upload” Allows the user to mass upload images for multiple sellers by using either Seller SKU or Shop SKU as naming pattern.
product_qc_read Backend product QC read “product”, “qc” “Read only” access to products’ quality control.
product_qc_write Backend product QC write “product”, “qc” “Write” access to products quality control. Must be provided together with “read” access.
products_read Frontend Product Read “product” “Read only” access to products.
products_write Frontend Product write “product” Enables master product (variation) creation, editing, (un)deleting, import/export, stock/price changes, rejection, status change; gives access to the Seller Facebook administration. “Read only” access must be enabled as well.
product_content_write Frontent Product Content Write “product” Enables product content updates without stock or price fields.
product_not_authorized  Set products to not authorized  “product”  Set products to not authorized.
product_stock_write Frontent Product Stock Write “product”, “stock” Enables stock updates for users.
product_price_write Frontent Seller Price write “product”, “api” Enables user to change prices of products only, either via API/CSV or UI.
profile_read Frontend Profile read “profile”, “seller” “Read only” access to user profile.
profile_write Frontend Profile write “profile”, “seller” “Write access” to user profile. Must be provided together with “read” access.
promotion_admin_read Promotion Admin read “promotion”, “settings” “Read only” access to promotions administration.
promotion_admin_write Promotion Admin write “promotion”, “settings” Allows promotion creation, editing, and deletion; promotion QC (rejection, approval); promotion import. “Read only” access must be enabled as well.
promotion_seller_read Promotion Seller read “promotion” “Read only” access to Seller administration. Must be provided together with “read” access.
promotion_seller_write Promotion Seller write “promotion” “Write” access to Seller administration.
qc_reject_reasons_read QC Return Reasons Read “qc”, “settings” “Read only” access to Product Quality Control page.
qc_reject_reasons_write QC Return Reasons Write “qc”, “settings” “Write” access to Product Quality Control page. Must be provided together with “read” access.
registration_read Frontend Registration Read “seller” “Read only” access to the Seller registration/invitation page.
registration_write Frontend Registration Write “seller” “Write” access to the Seller registration/invitation page. Must be provided together with “read” access.
reports_read Frontend Report read “report” “Read only” access to reports.
seller_price_write Seller Price write  “product”, “api” Write access to product prices including sales price for UI updates as well as imports and API. Read only access must be enabled together.
seller_profile_read View Seller Profiles “view”, “seller user” Give read-only access to all seller user profiles, regardless of assigned role.
seller_qc_read Backend Seller QC Read  “seller”, “qc”  “Read” access for Seller quality control.
seller_qc_write Backend Seller QC Write “seller”, “qc”  “Write” access for Seller quality control.
seller_rating_admin_read Seller Rating Admin read “seller rating”, “settings” Provides “read only” access to the Seller rating page.
seller_rating_admin_write Seller Rating Admin write “seller rating”, “settings” Provides “write” access to the Seller rating page.
seller_support_read Backend seller support read “seller”, “product”, “order”, “api”, “consignment” Provides “read only” access to global order, product, export, import, API, mail setup, log consignment and sync status pages.
seller_support_write Backend seller support write “seller”, “product”, “order”, “api”, “consignment” Can update product consignment details and edit Seller profile data. “Read only” access must be enabled together.
seller_tiering_read Seller Tiering Read “seller”, “settings” Provides read only access to Seller Tiering configuration (feature in roll-out)
seller_tiering_write Seller Tiering Write “seller”, “settings” Provides write access to Seller Tiering configuration (feature in roll-out)
settings_read Backend settings read “seller”, “settings” “Read only” access to administration area for categories, commission, Seller, and shipping.
settings_write Backend settings write “seller”, “settings” “Write only” access to administration area for categories, commission, Seller, shipping. Must be provided together with “read” access.
smart_seller_manager_read Smart Seller Manager Read “seller”, “settings” Provides read only access to Smart Seller Manager configuration
smart_seller_manager_write Smart Seller Manager Write “seller”, “settings”  Provides write access to Smart Seller Manager configuration
statement_sales_invoice_read Statement Sales Invoice Read  “sales invoice”, “transaction statement” Provides read only access to Statement Sales Invoice (feature in dev)
statement_sales_invoice_write Statement Sales Invoice Write  “sales invoice”, “transaction statement” Provides write access to Statement Sales Invoice (feature in dev)
stock_write Frontend Product Stock Write “stock”, “product” Enables product stock change.
switch_seller_write Backend switch Seller write “seller” Enables Seller switching.
take_a_tour Take a tour “tours”, “guide”, “onboarding” Enables admin access to Take a tour (creating & editing Tours). User display as default.
tag_manager_read Tag Manager Read “tag manager”, “seller”, “order item”, “product” Provides read only access to Tag Manager
tag_manager_write Tag Manager Write “tag manager”, “seller”, “order item”, “product” Provides write access to Tag Manager
 transaction_rule_engine  Transaction Rule Engine Full Access “transaction,” “rule engine” Enables rules to be defined via Transaction Rule Engine.
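
The tables above state two rules that are easy to break when building custom roles: many "write" resources must be granted together with their "read" counterpart, and the ACL Manager may access only Permission Overview and User Setup. The following is an added example, not Seller Center code: it audits role definitions against those two rules, using resource IDs from this page. The function names and the two custom roles are constructed for illustration.

```python
# Added example: audit role -> resource assignments against two rules stated on this page.
# Resource IDs are taken from the page's tables; CUSTOM_ROLES is constructed sample data.

# Resources whose description says "write" must be provided together with "read".
WRITE_NEEDS_READ = {
    "attribute_set", "consignment", "content_management", "finance",
    "global_order_overview", "manager_seller", "master", "orders",
    "product_qc", "products", "profile", "promotion_admin",
    "qc_reject_reasons", "registration", "seller_support", "settings",
}

# Resources the ACL Manager default role carries according to the role table.
ACL_MANAGER_ALLOWED = {"login", "acl_management"}

# A few default roles, copied from the "Resources Enabled by Role" table.
DEFAULT_ROLES = {
    "ACL Manager": {"login", "acl_management"},
    "Backend Operation": {
        "login", "profile_read", "profile_write", "switch_seller_write",
        "global_order_overview_read", "global_order_overview_write",
        "blocked_order_states_accessible", "shipment_information_edit",
        "counterfeit_brand_read",
    },
    "Seller Order Access": {
        "login", "notifications_write", "products_read", "orders_read",
        "orders_write", "orders_return", "shipment_information_edit",
    },
}

# Constructed custom roles that each break one rule.
CUSTOM_ROLES = {
    "Finance Clerk": {"login", "finance_write", "commission_fees_read"},
    "Ops Lead": {"login", "acl_management", "orders_read", "orders_write"},
}


def audit_role(name, resources):
    """Return a list of rule violations for one role's resource set."""
    findings = []
    # Rule 1: a *_write resource from the list above requires its *_read twin.
    for base in sorted(WRITE_NEEDS_READ):
        if f"{base}_write" in resources and f"{base}_read" not in resources:
            findings.append(f"{name}: {base}_write granted without {base}_read")
    # Rule 2: acl_management must not be combined with other access.
    extra = resources - ACL_MANAGER_ALLOWED
    if "acl_management" in resources and extra:
        findings.append(
            f"{name}: acl_management combined with {', '.join(sorted(extra))}"
        )
    return findings


def audit(roles):
    """Audit every role, in name order, and collect all findings."""
    return [f for name in sorted(roles) for f in audit_role(name, roles[name])]


if __name__ == "__main__":
    for finding in audit({**DEFAULT_ROLES, **CUSTOM_ROLES}):
        print(finding)
```
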

 

Global Administrative Roles

Role Description Access Rights
Admin Includes the whole administration of Seller Center, as well as all Seller-related operations.

Full administration menu access.

Full Seller menu sections.

Maintenance

Used for site maintenance only.

Only available to certain Rocket Labs employees.