ACL – Permission Manager
Contents
Objective
As a Venture, I want to manage the permissions management so that I can add custom roles, adjust roles and resources, and set up new users. Furthermore I would like to be able to decide which user role can be created by a different role.
The ACL Manager is a specific user, who is able to customize the resources (access levels) for other user. It is only possible to have one user acting as ACL manager.
-
The ACL Manager can:
- create new custom roles specific to every country (not only Venture-based).
-
delete custom roles if no user has the role.
-
assign resources to roles and remove resources from roles.
-
only access Permission Overview and User Setup, nothing else. This means that the ACL Manager can’t be the admin as well, and requires an ACL-specific email address (e.g., [email protected]).
-
Creating new permission might require development. Please reach your dedicated PM for more information.
Create Roles
| Step | Description | Image |
| 1 | Go to Administration > Permissions Control | |
| 2 | Overview of Existing Role > Add new Role |
|
| 3 |
To set up new role, choose the following:
|
|
| 4 |
In the Role Overview, you can see the “Role Name,” “Role Description,” the number of users assigned to this role, and perform some actions:
|
|
| 4 |
Edit role resources:
|
Create User with New Role
| Step | Description | Image |
| 1 | Go to Settings > Manage Users |
|
| 2 | Select “Add User.” New roles will be available in the “Role” dropdown. |
|
Default Roles & Resources
Resources Enabled by Role
Below are the default set of roles and their resources; these apply to all Ventures and countries.
| ACL Role | Description | Resources |
| ACL Manager | This user is responsible for assigning resources to roles and creating new user roles. | login, acl_management |
| Backend Finance | This user is able to set up everything finance-related (e.g., global and Seller commissions, fees, and payouts). | login, registration_read, registration_write, products_read, orders_read, reports_read, profile_read, switch_seller_write, settings_read, manager_seller_read, manager_seller_write, finance_read, finance_write, seller_support_read, content_management_read, product_qc_read, promotion_admin_write, promotion_admin_read, promotion_seller_write, promotion_seller_read, orders_return, seller_rating_admin_write, finance_qc, erp_log_write, commission_fees_read, commission_fees_write |
| Backend Operation | This user is intended to perform order processing via the Global Order Overview. Additionally, this user can switch between the different Sellers as well as updating the Sellers’ profiles. | login, profile_read, profile_write, switch_seller_write, global_order_overview_read, global_order_overview_write, blocked_order_states_accessible, shipment_information_edit, counterfeit_brand_read |
| Backend Product QC | This role is intended for multiple purposes. First, the user with this role is able to check the product content and approve/reject the pending quality control products. Secondly, this user is available to support Seller with either content creation of their products or fixing issues for products (small updates). Additionally, these users are able to create/update products for all Sellers via CSV imports. | login, registration_read, products_read, products_write, orders_read, switch_seller_write, product_qc_read, product_qc_write, promotion_admin_write, promotion_admin_read, promotion_seller_write, promotion_seller_read, orders_return |
| Backend Read Only |
This user role has the same access as an admin user, except they can only read the content but is not able to change anything. This role is intended for management users to be able to get an overview of Seller Center without changing accidentally something. |
login,registration_read, products_read, orders_read, reports_read, profile_read, switch_seller_write, settings_read, manager_seller_read, finance_read, seller_support_read, content_management_read, product_qc_read, promotion_seller_read, qc_reject_reasons_read, counterfeit_brand_read, erp_log_write, commission_fees_read |
| Backend Seller Setup | This user is intended to do all the setup of Seller settings, commissions, and fees. Additionally, this user is able to set up everything in Content Management. | login, registration_read, registration_write, products_read, orders_read, reports_read, profile_read, switch_seller_write, settings_read, manager_seller_read, manager_seller_write, finance_read, seller_support_read, seller_support_write, content_management_read, content_management_write, product_qc_read, product_qc_write, promotion_seller_write, promotion_seller_read, orders_return, backend_contracts_upload, counterfeit_brand_read, counterfeit_brand_write, erp_log_write, commission_fees_read, commission_fees_write |
| Backend Support |
This user role is intended to have the same user rights as a Seller user, with the exception that they can switch between different Sellers. Additionally, they have “read” access to the Seller settings, which are configured via the admin/backend setup user. Furthermore this user is able to use all parts of the Content Management (e.g., CMS blocks, translations, document templates), “Fulfillment by Venture,” and the promotion section. Otherwise, this user has only “read” access to the other areas of Seller Center. |
login, registration_read, registration_write, products_read, products_write, orders_read, orders_write, reports_read, profile_read, profile_write, switch_seller_write, settings_read, manager_seller_read, finance_read, seller_support_read, seller_support_write, content_management_read, content_management_write, product_qc_read, product_qc_write, consignment_read, consignment_write, promotion_admin_write, promotion_admin_read, promotion_seller_write, promotion_seller_read, global_order_overview_read, orders_return, qc_reject_reasons_read, qc_reject_reasons_write, seller_rating_admin_read, attribute_set_read, shipment_information_edit, counterfeit_brand_read, counterfeit_brand_write, erp_log_write, commission_fees_read |
| Monitoring API Access | This role allows login only to Seller Center or API for monitoring reasons. | monitoring_api_read |
| Seller API Access |
This is a subrole to the “Seller Full Access” role. This user can only operate with Seller Center via an API connection. This role is able to perform product management and order processing via API.
To learn how to use the API, please read this documentation.
|
api_write |
| Seller API Order Access | This role is a subrole to the “Seller Full Access” role and a subrole to “Seller API Access” role. This user with this role can only operate with Seller Center via an API connection for order processing. | api_order_access |
| Seller API Product Access | This role is a subrole to the “Seller Full Access”role and a subrole to “Seller API Access” role. This user with this role can only operate with Seller Center via an API connection for product management (creation or update). | api_product_access |
| Seller Catalog Access |
This role is a subrole to the “Seller Full Access” role. A user with this role is only able to perform work related to product management. This includes product creation and import (via CSV/XLSX) and update. Furthermore, this user can decide which email notifications (e.g., for new orders) they want to receive. |
login, notifications_write, products_read, products_write, orders_read, promotion_seller_write, promotion_seller_read |
| Seller Full Access |
This role gives access to the entire Seller section of Seller Center. Here, this user can manage their products (in Seller Center directly, via CSV or API) and manage their orders. This role can also check the account statements or update the profile information, as well as add additional users to the account. Furthermore, this role can customize document templates to their needs. Additionally, this role is able to decide which email notifications (e.g., for new orders) they want to receive. |
login, notifications_write, products_read, products_write, orders_read, orders_write, reports_read, profile_read, profile_write, api_write, consignment_read, consignment_write, promotion_seller_write, promotion_seller_read, orders_return, shipment_information_edit |
| Seller Order Access |
This role is a subrole to the “Seller Full Access” role. A user with this role is only able to perform order processing via Seller Center directly (via CSV import). Furthermore this user can decide which email notifications (e.g., for new orders) they want to receive. |
login, notifications_write, products_read, orders_read, orders_write, orders_return, shipment_information_edit |
| Seller Stock Update |
This role is a subrole to the “Seller Full Access” role. The only action this user can make in Seller Center is stock changes. Furthermore, this user can decide which email notification (e.g., for new orders) they want to receive. |
login, products_read, stock_write |
| User during login | This role refers to a user who has passed login but still needs to fulfill a two-factor authentication. | login_two_factor, |
| Developer | Developer on Venture or Seller-side with access to relevant API and authentication features that are located under “Integration Management.” | login, integration_management, manage_developer_apps |
Resources Details
The available resources for all Ventures and countries are listed below:
| Resource ID | Resource label | Tag | Description | |
| acl_management | ACL Management | – | Roles and user management. | |
| admin_only | Admin menu access | “settings” | Full access except Seller notification and configuration, maintenance area, product, and order API. | |
| api_explorer_access | API Explorer Access | “api” | Enables API Explorer in section Integration Management. | |
| api_order_access | Frontend API Order access | “api”, “order” | Order processing via API. | |
| api_product_access | Frontend API Product access | “api”, “product” | Product administration via API. | |
| api_write | Frontend API write | “api”, “product”, “order” | Full access to API. | |
| attribute_set_read | Attribute set read | “settings” | “Read only” access to attributes. | |
| attribute_set_write | Attribute set write | “settings” | “Write” access to attributes. Must be provided together with “read” access. | |
| backend_communication_read | Unified Communication Center – read permissions | – | Gives user the read access to Content Management (News), Survey Manager and Tag Manager | |
| backend_communication_write | Unified Communication Center – write permissions | – | Gives user the write access to Content Management (News), Survey Manager and Tag Manager | |
| backend_contracts_upload | Backend upload of econtracts | – | Gives access to the upload functionality for e-contracts in the Seller settings. | |
| blocked_order_states_accessible | Blocked Order States Accessible | “order”, “seller”]/td> | This role has access to the order statuses being blocked for the shipping provider based on the admin configuration. | |
| commission_fees_read | Commission Fees Read | “commission fees” | “Read only” access to commission fees. | |
| commission_fees_write | Commission Fees Write | “commission fees” | “Edit” access to commission fees. | |
| consignment_read | Fulfillment by Venture read | “order”, “consignment” | “Read only” access to consignment. | |
| consignment_write | Fulfillment by Venture write | “order”, “consignment” | “Write” access to consignment. Must be provided together with “read” access. | |
| content_management_read | Backend content management read | “cms”, “settings” | “Read only” access to the content, translations, documents templates, and management. | |
| content_management_write | Backend content management write | “cms”, “settings” | “Write” access to content management. Must be provided together with “read” access. | |
| erp_log | ERP Log Full Access | “erp” | ERP Log Full Access. Works with the Navision integration feature. | |
| finance_qc | Backend finance QC | “finance”, “qc” | Gives access to the finance quality control (review, reject or approve transactions). | |
| finance_read | Backend finance read | “finance” | “Read only” access to financial data (transactions fees). | |
| finance_write | Backend finance write | “finance” | “Write” access to financial data (transactions fees). Must be provided together with “read” access. | |
| global_3rd_party_developer_apps_access | Access to page 3rd Party Integration | “api” | Allows ventures to register OAUTH apps and call REST API as admins. | |
| global_product_read | Frontend Global Product Overview Write | “product” | Gives “read only” access to the global product list. | |
| global_product_write | Frontend Global Product Overview Read | “product” | Gives “write” access to the global product list. Must be provided together with “read” access. | |
| global_order_overview_read | Backend Dispatcher Read | “order” | Gives “read only” access to the global order list. | |
| global_order_overview_write | Backend Dispatcher Write | “order” | Gives “write” access to the global order list. Must be provided together with “read” access. | |
| integration_management_access | Integration Management Access | “api” | Access to section Integration Management | |
| login | Frontend login | – | Enables user to login in front-end. | |
| logistics_items_events_read | Logistics Items Events Read | “logistics items events” | Provides read only access to Logistics Items Events (feature in roll-out) | |
| logistics_items_events_write | Logistics Items Events Write | “logistics items events” | Provides write access to Logistics Items Events (feature in roll-out) | |
| manager_seller_read | Backend manager Seller read | “seller” | “Read only” access to Seller information. | |
| manager_seller_write | Backend manager Seller write | “seller” | Enables user to update commissions, set up delivery/shipping settings, Seller settings, administer fees, perform Seller (un)deletion/ activation/approval/rejection, import, and set Seller profile requirements. “Read only” access must be enabled as well. | |
| master_read | Master Products Management read | “product” | “Read only” access to master products | |
| master_write | Master Products Management write | “product” | “Write” access to master products.”Read only” access must be enabled as well. | |
| monitoring_api_read | Monitoring API Read | “api” | Monitoring access. | |
|
non_editableproduct |
Non-Editable Product Attributes Write | “user”, “product”, “attributes”, “settings” | Allows the user to edit Non-Editable Product Attributes. | |
| notifications_write | Frontend Notifications Write | – | Access to Seller notification area. | |
| oauth_developer_apps_access | Access to OAuth Applications | “api” | Gives the access to OAuth Applications page. Seller needs to register an application there to fulfill the authentication flow of the REST API. | |
| orders_read | Frontend Order read | “order” | Gives “read only” access to the Seller order list. | |
| orders_return | Frontend Order Returns | “order” | Gives full access to order returns management. | |
| orders_write | Frontend Order write | “order” | “Write” access to the order comments, reviews, order imports; order manipulation (status, tracking data etc). “Read only” access must be enabled as well. | |
|
product_mass_imageupload |
Advanced Product Mass Image Upload | “product”, “images”, “upload” | Allows the user to mass upload images for multiple sellers by using either Seller SKU either Shop SKU as naming pattern | |
| product_qc_read | Backend product QC read | “product”, “qc” | “Read only” access to products’ quality control. | |
| product_qc_write | Backend product QC write | “product”, “qc” | “Write” access to products quality control. Must be provided together with “read” access. | |
| products_read | Frontend Product Read | “product” | “Read only” access to products. | |
| products_write | Frontend Product write | “product” | Enables master product (variation) creation, editing, (un)deleting, import/export, stock/price changes, rejection, status change; gives access to the Seller Facebook administration. “Read only” access must be enabled as well. | |
| product_content_write | Frontent Product Content Write | “product” | Enables product content updates without stock or price fields, | |
| product_not_authorized | Set products to not authorized | “product” | Set products to not authorized. | |
| product_stock_write | Frontent Product Stock Write | “product”, “stock” | enables stock updates for users | |
| product_price_write | Frontent Seller Price write | “product”, “api” | enables user to change prices of products only either via API/CSV or UI | |
| profile_read | Frontend Profile read | “profile”, “seller” | “Read only” access to user profile. | |
| profile_write | Frontend Profile write | “profile”, “seller” | “Write access” to user profile. Must be provided together with “read” access. | |
| promotion_admin_read | Promotion Admin read | “promotion”, “settings” | “Read only” access to promotions administration. | |
| promotion_admin_write | Promotion Admin write | “promotion”, “settings” | Allows promotion creation, editing, and deletion; promotion QC (rejection, approval); promotion import. “Read only” access must be enabled as well. | |
| promotion_seller_read | Promotion Seller read | “promotion” | “Read only” access to Seller administration. Must be provided together with “read” access. | |
| promotion_seller_write | Promotion Seller write | “promotion” | “Write” access to Seller administration. | |
| qc_reject_reasons_read | QC Return Reasons Read | “qc”, “settings” | “Read only” access to Product Quality Control page. | |
| qc_reject_reasons_write | QC Return Reasons Write | “qc”, “settings” | “Write” access to Product Quality Control page. Must be provided together with “read” access. | |
| registration_read | Frontend Registration Read | “seller” | “Read only” access to the Seller registration/invitation page. | |
| registration_write | Frontend Registration Write | “seller” | “Write” access to the Seller registration/invitation page. Must be provided together with “read” access. | |
| reports_read | Frontend Report read | “report” | “Read only” access to reports. | |
| seller_price_write | Seller Price write | “product”, “api” | Write access to product prices including sales price for UI updates as well as imports and API. Read only access must be enabled together. | |
| seller_profile_read | View Seller Profiles | “view”, “seller user” | Give read-only access to all seller user profiles, regardless of assigned role. | |
| seller_qc_read | Backend Seller QC Read | “seller”, “qc” | “Read” access for Seller quality control. | |
| seller_qc_write | Backend Seller QC Write | “seller”, “qc” | “Write” access for Seller quality control. | |
| seller_rating_admin_read | Seller Rating Admin read | “seller rating”, “settings” | Provides “read only” access to the Seller rating page. | |
| seller_rating_admin_write | Seller Rating Admin write | “seller rating”, “settings” | Provides “write” access to the Seller rating page. | |
| seller_support_read | Backend seller support read | “seller”, “product”, “order”, “api”, “consignment” | Provides “read only” access to global order, product, export, import, API, mail setup, log consignment and sync status pages. | |
| seller_support_write | Backend seller support write | “seller”, “product”, “order”, “api”, “consignment” | Can update product consignment details and edit Seller profile data. “Read only” access must be enabled together. | |
| seller_tiering_read | Seller Tiering Read | “seller”, “settings” | Provides read only access to Seller Tiering configuration (feature in roll-out) | |
| seller_tiering_write | Seller Tiering Write | “seller”, “settings” | Provides write access to Seller Tiering configuration (feature in roll-out) | |
| settings_read | Backend settings read | “seller”, “settings” | “Read only” access to administration area for categories, commission, Seller, and shipping. | |
| settings_write | Backend settings write | “seller”, “settings” | “Write only” access to administration area for categories, commission, Seller, shipping. Must be provided together with “read” access. | |
| smart_seller_manager_read | Smart Seller Manager Read | “seller”, “settings” |
|
|
| smart_seller_manager_write | Smart Seller Manager Write | “seller”, “settings” | Provides write access to Smart Seller Manager configuration | |
| statement_sales_invoice_read | Statement Sales Invoice Read | “sales invoice”, “transaction statement” | Provides read only access to Statement Sales Invoice (feature in dev) | |
| statement_sales_invoice_write | Statement Sales Invoice Write | “sales invoice”, “transaction statement” | Provides write access to Statement Sales Invoice (feature in dev) | |
| stock_write | Frontend Product Stock Write | “stock”, “product” | Enables product stock change. | |
| switch_seller_write | Backend switch Seller write | “seller” | Enables Seller switching. | |
| take_a_tour | Take a tour | “tours”,”guide”,”onboarding” | Enables admin access to Take a tour (creating & editing Tours). User display as default. | |
| tag_manager_read | Tag Manager Read | “tag manager”, “seller”, “order item”, “product” | Provides read only access to Tag Manager | |
| tag_manager_write | Tag Manager Write | “tag manager”, “seller”, “order item”, “product” | Provides write access to Tag Manager | |
| transaction_rule_engine | Transaction Rule Engine Full Access | “transaction,” “rule engine” | Enables rules to be defined via Transaction Rule Engine. |
Global Administrative Roles
| Role | Description | Access Rights |
|---|---|---|
| Admin | Includes the whole administration of Seller Center, as well as all Seller-related operations. |
Full administration menu access. Full Seller menu sections. |
| Maintenance |
Used for site maintenance only. Only available to certain Rocket Labs employees. |