Ch. 021. Admin Groups "Updated for V6"

PRESSERO > Pressero Documentation Manual
Creating Admin Groups
An Admin Group is a set of admin users who share the same set of permissions in the Pressero administrative area.  The "Everyone" Group is a default Group that all can belong to. Depending on your needs, you can create additional Admin Groups, each with different sets of permissions and assign the different users to the groups that you want them to belong to. Each admin user can belong to one or more admin groups. You can also set certain admin users to only manage certain sites in your account. 
 


 

Creating a New Admin Group


To create a new User Group, select the “Add New Group” link. 
 
Group Name - Enter a group name that you will recognize when setting admin uses in their user accounts and in individual sites if you need to limit their group. 
 
Description - This is optional and can be used to further help you identify the difference between one group and another. Example: This group can view and edit orders on any site, or This group can only view/edit orders for the ABC Corporation site. 
 

 

Permission Principles

Setting permissions can be tricky and it is very important to change permissions for any group you belong to carefully. You could easily lock yourself out of the admin area all together if you are not careful. If this happens you will need to submit a support ticket to have us correct the settings in the database. 
  1. Avoid using Deny. In most cases, use Not Set instead. Not Set means the permission is Off. 
  2. Permissions can apply across Groups.
    • A "Not Set" permission means the user is not granted the permission unless Allowed in another group they belong to. When the User is a member of two Groups with one group set to Allow and the other set to Not Set, Allow will over ride Not Set.
    • A "Denied" permission is ALWAYS denied. When the User is a member of two Groups with one group set to allow and the other set to Deny, Deny will over ride Allow.
  3. Higher (stronger) level permissions when Denied will override lower level permissions that are Allowed. For example, if the higher level "Can manage sites" is Not Set or Denied, and it's lower level "Can manage content pages" is Allowed, the group member will not be able to change content pages.
  4. A permission Allowed at a higher (stronger) level will grant all permissions underneath it unless they are set to Denied.
  5. A admin user can be part of multiple groups. If they are denied a particular permission in any group they belong to, even if they are allowed in another, they WILL be DENIED that permission. If you find a user is not being given a permission you want them to have, check all groups they are in to see if this is the cause. 
  6. Permissions can be granted globally (all sites), or on a per site basis instead. For example, you can have an Admin Group named "Bluestore Admins" where "Can manage sites" is Allowed only for the Bluestore site. That way the Bluestore Admins group can do everything for the Bluestore site, but nothing for the Redstore site. Store specific permission settings like this are done in the store's admin area (Sites > Site Groups > Admin Groups). See more site specific examples below
 

Permission Levels for Admin Groups

The less indented a permission is below, the "stronger" (i.e., higher) level it is.  Remember, a permission Allowed at a higher level will grant all permissions underneath it except those set to Denied. A permission Denied at a higher level will deny all permissions underneath it, regardless of whether those permissions are Allowed.
 
 
Permissions that are being Allowed will display a green background. Permissions explicitly Denied will display a red background, while Not Set will display a yellow background because it is a conditional "Not Allowed". 
 
  1.  Can manage all subscriber settings
    1. Ability to Manage Settings
    2. Can manage all users
    3. Can manage brokers
    4. Can manage sites
      1.  Can manage inventory stock items and transactions
      2.  Can view and edit orders
        1. Can view orders
      3. Can manage content pages
      4. Can manage products
      5. Can manage promotions
      6. Can manage site menus
 
 
 
 
 
 
 
 
 
 
Referring to the hierarchy above, if 1. is set to Denied, then any Allowed permissions for a-d, and i.-vi. will be ignored and be Denied instead.  
  • So if the higher level 1. "Can view and Edit orders" is set to Denied, a lower level 1 (d) ii. A. "Can view orders" set to Allowed will be over ridden. The Group member will not be able to view orders, nor edit them. 
  • Likewise, if 1 (d) iv. "Can manage products" is set to Allowed, but the higher level 1 (d) "Can manage sites" is set to Denied, Allowed will be over ridden and the Group member will not be able to add or edit products.
On the other hand, if 1. is set to Not Set, then permissions for (a-d), and i.-vi. that are Allowed will be used. "Not Set" in this context is treated as a conditional "Denied, unless it is Allowed" 
  • So if "Can view orders" is set to Allowed, but "Can view and Edit orders" is set to Not Set, Allowed will be used and the Group member will be able to view orders, or edit them. 
  • Likewise, if "Can manage products" is set to Allowed, but it's higher level "Can manage sites" is set to Not Set, the Group member will be add or edit products.


Store Specific Admin Permissions


Example Scenario:
Two stores: Bluestore.com and Redstore.com
Four Admin Groups: "Owner", "Order CSRs", " Bluestore Admins", "Blue Nonpromos"


Below are Admin Group Permissions:
(see Permission Levels for Admin Groups above for numbering hierarchy)

Owner Group ( allowed to do everything)
    1. "Can manage all subscriber settings" - Allowed (this will be global - all sites)
    (a)-(d), and i.-vi. permissions - Not Set
The practical result is members of the Owner Group are allowed to do everything

Order CSRs Group (view and edit any order regardless of site)
    (a). "Ability to Manage Settings" - Allowed (this will be global - all sites)
    ii. "Can view and edit orders" - Allowed (this will be global - all sites)
    All other permissions - Not Set
This means that Order CSRs can view and edit any order regardless of site. 

Bluestore Admins Group (can manage every aspect of Bluestore, but nothing in Redstore)
   (a). "Ability to Manage Settings" - Allow (this will be global - all sites)
   (d). "Can manage sites" - Not Set in Preferences, Allowed in Bluestore site only (set at Sites > Bluestore > Site Groups > Admin Groups)
   All other permissions - Not Set
This means that Bluestore Admins can manage every aspect of Bluestore, but nothing in Redstore. They cannot manage Admin users, brokers, pricing engines, etc.

Blue Nonpromos Group
   (a). "Ability to Manage Settings" - Allow (this will be global - all sites)
   (d). "Can manage sites" - Not Set in Preferences, Allowed in Bluestore site only (set at Sites > Bluestore > Site Groups > Admin Groups)
   v. "Can manage promotions" - Not Set in Preferences, Denied in Bluestore (set at Sites > Bluestore > Site Groups > Admin Groups)
   All other permissions - Not Set
This means that Blue Nonpromos can manage every aspect of Bluestore EXCEPT promotions. Nothing on Redstore. They cannot manage Admin users, brokers, pricing engines, etc.
 

Editing and Deleting an Admin User Group

  • To edit a Group, select the pencil icon beside the Group Name. Make changes and then Save. 
  • To delete a Group you can do the same as above and then click on the Delete button. Please note: Unlike many other areas of the Pressero system, when you delete a Admin Group you can not later view and re-activate a previously deleted group. Once you choose to delete a group you will need to create it again if necessary.