Rights and Roles

A feature of the Enterprise Edition is the rights and roles management.

Use rights and roles to control access to visible elements and available functions of the OXID eShop for individual users and user groups.

We distinguish between rights and roles for the actual shop (frontend) and the administration area (backend).

A right governs access to specific functions, such as articles and categories or the display of certain sections of an article’s detail page.

Roles combine multiple rights and are assigned to users and user groups.

Defining the Scope of Rights and Roles

Restrict the scope of rights and roles management as needed.

By default, no restrictions are enabled ($this->blUseRightsRoles = 3).

Procedure

Open the configuration file config.inc.php.
Configure the $this->blUseRightsRoles parameter.

You have the following options:
- 0 – Rights management disabled
- 1 – Backend only
- 2 – Frontend only
- 3 – Backend and frontend

Assigning Rights and Roles for the Shop (Frontend)

Assign different permissions for the shop.

Define the permissions in the administration area:

in the article and category management

as well as
under Users ‣ Manage Users ‣ Shop Roles

Important

Principle of Selective Rights Restriction

By default, all visitors to your OXID eShop have full access.

A right is only restricted once at least one role explicitly includes that right, and at least one user group is assigned to that role.

The assigned user group does not have to contain any users. For example, you could create a user group Vollzugriff and assign it to the corresponding role Vollzugriff, in which all rights are activated.

In the first step, all rights are restricted and can then be selectively re-enabled for specific user groups via appropriate roles.

Restricting Visibility of Articles and Categories

Define that only specific user groups are allowed to view certain articles and categories.

Procedure

Under Manage Products, choose the desired article or category.
Choose the Rights tab.
Choose the Assign user groups (Visible to selected only) button (Fig.: Restricting article/category visibility or purchase, Pos. 1) and assign the desired user groups (Fig.: Restricting article/category visibility or purchase, Pos. 3).

Fig.: Restricting article/category visibility or purchase

Result

Only users who belong to the assigned user groups will be able to view the respective articles and categories after logging into the shop.

These parts of the catalog will not be visible to all other users and user groups.

Restricting Purchase of Articles and Categories

Define that specific articles and categories are only purchasable by certain user groups.

Procedure

Under Manage Products, choose the desired article or category.
Choose the Rights tab.
Choose the Assign user groups (Purchasable by selected only) button (Fig.: Restricting article/category visibility or purchase, Pos. 2) and assign the desired user groups (Fig.: Restricting article/category visibility or purchase, Pos. 3).

Result

For users without the required permissions, the To Cart button is not shown in the article list (Fig.: Article list with and without add-to-cart button, Pos. 2).

With the Details button (Fig.: Article list with and without add-to-cart button, Pos. 1), these users can only view the article detail page.

The To Cart button is also missing in the detail view if the user is not logged in or does not belong to the authorized user group (Fig.: Article detail page without add-to-cart button).

Fig.: Article detail page without add-to-cart button

Controlling Access to Functions and Sections of the Detail Page

Assign rights and roles that apply to the entire product catalog.

The shop is delivered with the following rights for the frontend, which can be combined into roles and assigned to specific user groups (Fig.: Creating a new role, Pos. 1):

Add articles to the cart (TOBASKET)
Show article price (SHOWARTICLEPRICE)
Show short description of the article (SHOWSHORTDESCRIPTION)
Show long description of the article (SHOWLONGDESCRIPTION)

In this example, you decide to hide the To Cart button for users who are not logged in (“guests”).

Procedure

Create a role that you will later assign to all user groups.

Background: User groups contain users. Users are visitors to your OXID eShop who have an email address and use it to log in.

All other visitors to your OXID eShop are guests. Guests differ from users in that they do not log in.
1. Choose Users ‣ Manage Users ‣ Shop Roles
2. In the Title field, enter the name of the role, for example angemeldet, check Active, and save.
  
  Fig.: Creating a new role
  
  So-called ident parameters are displayed (Fig.: Creating a new role, Pos. 1).
3. Choose the ident parameter you want to control.
  
  In this example, you want the cart button to be shown to logged-in users, but hidden from guests (non-logged-in users).
  
  Therefore, check the box for TOBASKET (tobasket;basket) (Fig.: Creating a new role, Pos. 2), and save your settings.
  
  The result of this configuration:
  
  The user groups to which the role angemeldet is assigned will have the right TOBASKET. For them, the To Cart button is visible.
  
  For all other user groups, the right TOBASKET is disabled.
  
  General rule: All rights apply by default unless they are restricted.
  
  In this example, the ident parameters that control the long and short descriptions and the price (Fig.: Creating a new role, Pos. 3) are not explicitly assigned to any role, so they apply to all users, including guests.
To apply your settings, assign user groups to the role.
1. On the Users tab, choose the button Assign user groups.
2. In this example, assign all user groups (Fig.: Assigning user groups to a role).
  
  Background: Guests are not users and are therefore not included in any user group.
  
  Fig.: Assigning user groups to a role

Result

Check the result by viewing a product in your OXID eShop.

Logged-in users will see the To Cart button (Fig.: Cart button for logged-in users, Pos. 1).

Fig.: Cart button for logged-in users

Guests (not logged-in visitors) will not see the To Cart button (Fig.: No cart button for guests).

Fig.: No cart button for guests

The result is not as expected?

Clear your browser cache and try again.

Assigning Rights and Roles for the Administration Area (Backend)

Define roles and rights for the administration area as well.

This allows you to reflect different responsibilities in the management of the OXID eShop.

Use roles to control access to menus, submenus, and tabs.

Roles can allow varying levels of access to navigation menus, submenus, and even individual tabs in the input area.

This way, each administrator gets their customized admin view.

Procedure

Under Users ‣ Manage Users ‣ Admin Roles, create a new role.
Activate the desired rights (Fig.: Defining access rules for navigation elements).

Fig.: Defining access rules for navigation elements
On the Objects tab, define access to categories and products.

For example, control who can create, edit, or delete articles and categories globally, and—if needed—at the level of each individual control (fields, checkboxes, or options) in the input area.

To open the selection menu, choose the arrow icon (Fig.: Specifying access rules for categories, Pos. 1).

Fig.: Specifying access rules for categories

In our example, you control access to the controls for describing categories (Fig.: Example: Controls for describing categories, Pos. 1).

Fig.: Example: Controls for describing categories
On the Users tab, assign the relevant users or user groups to the role.