Admin Users & Permissions
Admin users are separate from customer accounts. They access the Backoffice panel and manage store operations. Access is controlled by Attribute-Based Access Control (ABAC).
Managing Admin Users
Navigate to Settings → Admin Users.
Creating an Admin User
- Click New Admin User
- Enter email, name, password
- Assign section groups (ABAC permissions)
- Save
ABAC Section Groups
Each admin user is granted access to specific sections of the Backoffice:
| Section Group | Controls Access To |
|---|---|
| Catalog | Products, Categories, Brands, Attributes, Specifications |
| Sales | Orders, Customers, Customer Groups |
| Inventory | Warehouses, Stock, Fulfillment |
| Supply Chain | Purchase Orders, Goods Receipts, Demand Planning |
| Marketing | Promotions, Discount Codes |
| Content | Media, Navigation, Pages, Legal Documents |
| Settings | Stores, Languages, Currencies, Payment, Shipping, Notifications, Admin Users, API Keys |
How ABAC Works
- Each admin API endpoint is decorated with `[RequireSection("section-name")]`
- The middleware checks if the logged-in admin has the required section in their attributes
- If not, the request is blocked with 403
- The Backoffice UI also hides menu items for sections the user doesn't have access to
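The server-side check described above, sketched as an ASP.NET Core authorization filter. This is an added example, not the product's own code: it assumes the admin's sections are carried as `section` claims on the authenticated principal, and the controller, route and section value are hypothetical.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Illustrative re-implementation of the attribute named on this page.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public sealed class RequireSectionAttribute : Attribute, IAuthorizationFilter
{
    // Assumption: one claim of this type per section granted to the admin.
    private const string SectionClaimType = "section";

    public string Section { get; }

    public RequireSectionAttribute(string section) => Section = section;

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var user = context.HttpContext.User;

        // No authenticated admin at all: reject before looking at sections.
        if (user.Identity?.IsAuthenticated != true)
        {
            context.Result = new UnauthorizedResult();
            return;
        }

        // The decision is made here, on the server, for every request.
        // Hiding a menu item in the UI does not replace this check.
        bool hasSection = user.FindAll(SectionClaimType)
            .Any(c => string.Equals(c.Value, Section, StringComparison.OrdinalIgnoreCase));

        if (!hasSection)
        {
            context.Result = new StatusCodeResult(403); // blocked with 403
        }
    }
}

// Hypothetical endpoint: only admins holding the assumed "marketing" section reach it.
[ApiController]
[Route("api/admin/promotions")]
[RequireSection("marketing")]
public class PromotionsController : ControllerBase
{
    [HttpGet]
    public IActionResult List() => Ok(Array.Empty<object>());
}
```

With a per-endpoint attribute like this, an admin endpoint that is missing the attribute gets no section check at all, so new admin controllers are worth reviewing for it.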
Example: Limited Access User
An admin with only Sales and Inventory sections can:
- ✅ View and manage orders
- ✅ View and manage customers
- ✅ Manage warehouse stock
- ❌ Cannot edit products (Catalog section required)
- ❌ Cannot access store settings (Settings section required)
- ❌ Cannot create promotions (Marketing section required)
Editing Permissions
- Open an admin user for editing
- Toggle section groups on/off
- Save — changes take effect on the user's next login/API call
Warning: At least one admin user should have access to all sections to avoid lockout scenarios.