Assigning sensitive permissions to staff

As the store owner, you automatically have permissions that enable you to see private store data, such as your personal banking information, other financial information, or customer data. These permissions are known as sensitive permissions. But as you grow your business, you might want to delegate certain tasks to staff members that require them to have access to your private store data.

Giving sensitive permissions to your staff members enables you to do the following:

  • spend less time managing your business, and spend more time developing your business
  • delegate some workflows, such as GDPR requests, and updating payment settings
  • feel more confident about activating 2-step authentication for your account, therefore, making your account less vulnerable
  • distribute sensitive tasks across several staff members to ensure that no one staff member's account is vulnerable
  • release ownership of your store without complications

Sensitive permissions

The following are the permissions that expose private store data.

  • Request customer data
  • Edit permissions
  • Edit billing payment methods and pay invoices
  • Manage other payment settings

Tasks that only the store owner can perform

A Shopify store can only have one store owner. It's usually the person who opened the store. You can check who’s listed as the store owner by clicking Settings > Users and permissions in your Shopify admin. Email messages from Shopify are sent to the store owner’s email address.

The following actions are only available to the store owner regardless of which sensitive permissions have been given to staff members:

Ready to start selling with Shopify?

Try it free