Ch. 021. Admin Groups

In this chapter:

Creating Admin Groups

An Admin Group is a set of admin users who share the same set of permissions in the Pressero administrative area. The "Everyone" Group is a default Group that all can belong to. Depending on your needs, you can create additional Admin Groups, each with different sets of permissions and assign the different users to the groups that you want them to belong to. Each admin user can belong to one or more admin groups. You can also set certain admin users to only manage certain sites in your account. 

 

Creating a New Admin Group

To create a new User Group, go to Admin > Preferences > Admin Groups and click the “+ Add New" button. 

Group Name - Enter a group name that you will recognize when setting admin users in their user accounts and in individual sites if you need to limit their group. 

Description - This is optional and can be used to further help you identify the difference between one group and another. Examples: "This group can view and edit orders on any site," or "This group can only view/edit orders for the ABC Corporation site." 


 

Permission Principles

Setting permissions can be tricky and it is very important to change permissions for any group you belong to carefully. You could easily lock yourself out of the admin area all together if you are not careful. If this happens you will need to submit a support ticket to have us correct the settings in the database. 

  1. Avoid using Deny. In most cases, use Not Set instead. Not Set means the permission is Off. 
  2. Permissions can apply across Groups.
    • A "Not Set" permission means the user is not granted the permission unless Allowed in another group they belong to. When the User is a member of two Groups with one group set to Allow and the other set to Not Set, Allow will over ride Not Set.
    • A "Denied" permission is ALWAYS denied. When the User is a member of two Groups with one group set to allow and the other set to Deny, Deny will over ride Allow.
  3. Higher (stronger) level permissions when Denied will override lower level permissions that are Allowed. For example, if the higher level "Can manage sites" is Not Set or Denied, and it's lower level "Can manage content pages" is Allowed, the group member will not be able to change content pages.
  4. A permission Allowed at a higher (stronger) level will grant all permissions underneath it unless they are set to Denied.
  5. A admin user can be part of multiple groups. If they are denied a particular permission in any group they belong to, even if they are allowed in another, they WILL be DENIED that permission. If you find a user is not being given a permission you want them to have, check all groups they are in to see if this is the cause. 
  6. Permissions can be granted globally (all sites), or on a per site basis instead. For example, you can have an Admin Group named "Bluestore Admins" where "Can manage sites" is Allowed only for the Bluestore site. That way the Bluestore Admins group can do everything for the Bluestore site, but nothing for the Redstore site. Store specific permission settings like this are done in the store's admin area (Sites > Site Groups > Admin Groups). See more site specific examples below.

Permission Levels for Admin Groups

The less indented a permission is below, the "stronger" (i.e., higher) level it is. Remember, a permission Allowed at a higher level will grant all permissions underneath it except those set to Denied. A permission Denied at a higher level will deny all permissions underneath it, regardless of whether those permissions are Allowed.

 

 

Permissions that are being Allowed display with green background. Permissions explicitly Denied display with a red background, while Not Set display with a yellow background because it is a conditional "Not Allowed". 

1. Can manage all subscriber settings

A. Can manage brokers

B. Can manage sites

i. Can manage inventory stock items and transactions

ii. Can view and edit orders

a. Can view site orders

iii. Can manage products

iv. Can manage promotions

v. Can manage site menus

vi. Can manage content pages

C. Can manage all users

D. Can manage reports

vii. Can view reports

E. Ability to view system notifications

F. Ability to Manage Settings

Referring to the hierarchy above, if 1. is set to Denied, then any Allowed permissions for A-F, and i.-vii. will be ignored and be Denied instead.

  • If the higher level "Can view and Edit orders" is set to Denied, the lower level "Can view site orders" set to Allowed will be overridden. The Group member will not be able to view orders, nor edit them. 
  • Likewise, if "Can manage products" is set to Allowed, but the higher level "Can manage sites" is set to Denied, Allowed will be overridden and the Group member will not be able to add or edit products.
On the other hand, if Can manage all subscriber settings is set to Not Set, then permissions for sublevels that are Allowed will be used. "Not Set" in this context is treated as a conditional "Denied, unless it is Allowed." 
  • If "Can view site orders" is set to Allowed, but "Can view and Edit orders" is set to Not Set, Allowed will be used and the Group member will be able to view orders, or edit them. 
  • Likewise, if "Can manage products" is set to Allowed, but its higher level "Can manage sites" is set to Not Set, the Group member will be add or edit products.

Store-Specific Admin Permissions

Example Scenario:

  • Two stores: Bluestore.com and Redstore.com
  • Four Admin Groups: "Owner", "Order CSRs", " Bluestore Admins", "Blue Nonpromos"

Below are Admin Group Permissions:

(see Permission Levels for Admin Groups above for numbering hierarchy)

Owner Group ( allowed to do everything)

  • "Can manage all subscriber settings" - Allowed (this will be global - all sites)
  • a-f, and i.-vii. permissions - Not Set

The practical result is members of the Owner Group are allowed to do everything.

Order CSRs Group (view and edit any order regardless of site)

  • F. "Ability to Manage Settings" - Allowed (this will be global - all sites)
  • ii. "Can view and edit orders" - Allowed (this will be global - all sites)
  • All other permissions - Not Set

This means that Order CSRs can view and edit any order regardless of site. 

Bluestore Admins Group (can manage every aspect of Bluestore, but nothing in Redstore)

  • F. "Ability to Manage Settings" - Allow (this will be global - all sites)
  • B. "Can manage sites" - Not Set in Preferences, Allowed in Bluestore site only (set at Sites > Bluestore > Site Groups > Admin Groups)
  • All other permissions - Not Set

This means that Bluestore Admins can manage every aspect of Bluestore, but nothing in Redstore. They cannot manage Admin users, brokers, pricing engines, etc.

Blue Nonpromos Group

  • F. "Ability to Manage Settings" - Allowed (this will be global - all sites)
  • B. "Can manage sites" - Not Set in Preferences, Allowed in Bluestore site only (set at Sites > Bluestore > Site Groups > Admin Groups)
  • iv. "Can manage promotions" - Not Set in Preferences, Denied in Bluestore (set at Sites > Bluestore > Site Groups > Admin Groups)
  • All other permissions - Not Set

This means that Blue Nonpromos can manage every aspect of Bluestore EXCEPT promotions. Nothing on Redstore. They cannot manage Admin users, brokers, pricing engines, etc.

Editing and Deleting an Admin User Group

  • To edit a Group, select the pencil icon beside the Group Name. Make changes and then Save. 
  • To delete a Group you can do the same as above and then click on the Delete button. Note: Unlike many other areas of the Pressero system, when you delete a Admin Group you CANNOT later view and re-activate a previously deleted group. .