In an effort to further improve the user experience and to streamline the handling of Access Permissions we have created a new way to control user access.
Enabling the new version
To swap over from our old Access Permissions version to the new one, it's as simple as navigating to Configuration -> Settings -> Access Permission settings, and setting the "Access permissions version" dropdown to "V2":
Using the new version
Previously we created access permissions by selecting how we target users, how we target products/categories, and then allowing or denying access on a per-item basis.
The new version utilises similar concepts, however rather than put all this information in one place, we have broken it down into the following sections:
Once you have enabled Access Permissions V2, you will see a tab for each of these in the Catalogue -> Access Permission -> Access Permissions menu:
Each of these tabs are elaborated upon below.
A scope is effectively a method of targeting users. If you click "Add new scope" in the "Scopes" tab, you can build a scope by selecting from the customer attributes seen in the screenshot below, and you can also name it (this will be internal and is designed to help admin users identify who the scope is targeting):
Please note that the shipping and billing address information are referring to the user's default shipping and billing address.
If you configure more than one dropdown in the Scope, then all of the conditions must be met for the user to be included in the Scope.
Once the scope has been built, it is ready to be used in a rule, which will be explained further in the "Rules" section of this article.
A target is a method of selecting products or categories, serving as the second half of each rule, with the first half being the scope.
If you click "Add new target" in the "Targets" tab, you will be able to define how you want to target your products using the "Target" dropdown:
The target options are:
- Product - This allows you to target a specific product
- Product Group - This allows you to target all products in a product group
- Category - This allows you to target a category and all of its direct children. If you give access to this category, you will also be giving access to all products and sub-categories, but not the products within those sub-categories.
- Tag - This allows you to target all products that have the specified product tag assigned
- Specification attribute option - Like with product tags, this allows you to target all products with the designated specification attribute option assigned.
As with Scopes, you are able to set a name for the Target. We recommend providing names that make it clear what the configuration is targeting so that you can easily identify what the target does.
Once you have at least one Scope and Target set up, you can then set up your rules. Effectively, a rule is simply tying a Scope and a Target together, then determining whether or not the users in the selected Scope have access to the products/categories in the Target.
This is done by clicking "Add new record" in the "Rules" tab, selecting your Scope and Target, then either checking or un-checking the "Has Access" box and clicking "Insert".
In the example below, I have set up a Scope to target the "Registered" customer role, and the category "Category 1", which allows me to give all registered users access to "Category 1" and all the products within:
The "Rule Weight" option allows you to resolve any potential issues caused by two ore more rules applying to the same situation.
For example, if you had the following set up:
- A scope for all users with the "Registered" role
- A scope for all users with the "Storefront Administrator" role
- A target for an admin-only product
And then the following rules:
- Deny "Registered" role scope access to admin-only product
- Allow "Storefront Administrator" role access to admin-only product
When a user with the Storefront Administrator role tries to access the admin-only product, they will meet both rules since they have both roles assigned to their account (all registered users will have the "Registered" role).
In this instance, it is not clear which Rule should be used and so the system will deny access, as this is the default behaviour when one rule allows access and another denies access.
This is where the "Rule Weight" setting comes in, as it allows you to give rules priority over each other and lets you prevent the system from reverting to default behaviour in situations like this.
The higher the rule weight, the more priority it has, and so if you set the rule weight of the "Storefront Administrator" rule mentioned above to 1 (or any number higher than the rule weight of the "Registered" rule), then the storefront administrator will have access to the admin-only product, since you have told the Infigo system which rule is more important.