Migrating users in your store to the role-based access control model

With the role-based access control model, you can assign roles to users.

The user role represents the user's job in your store and contains all the granular permissions for the user to do their job. When a role is assigned to a user, the associated permissions are granted to the user. When a role is removed from the user, the permissions are also removed. One or multiple roles can be assigned to a user. These roles grant the user the accumulative permissions from all the roles. This means that you can accurately and uniformly change user permissions through their role and reduce instances where a user is accidentally given permissions that aren't part of their job.

There are two types of predefined user roles available: system roles and custom roles. System roles are predefined roles and can't be edited. Custom roles are predefined roles that you can edit to suit your business needs. You can also create custom user roles. Learn more about the available predefined user roles and creating roles.

User access changes

Review the following exceptions to understand how your existing user management permissions will be affected:

  • Staff members who have been granted all available permissions are automatically migrated tot the Administrator role.
  • Users with store-level user management permissions can still remove or suspend user access, but they can't modify user access or invite new users. To continue modifying users or inviting new users, you can assign the user the Administrator role.

Migrating users to the roles-based access control model

When your store migrates to the role-based access control model, your existing user access remains unchanged with some exceptions to user management permissions.

You can directly assign a role to a user. After you assign a role to the user, the permissions in the role replace the previous permissions and migrate the user to roles.

You can assign predefined roles to your users. If the pre-defined roles don't meet your requirements, then you can either edit the roles or create a role with the permissions you require for your users.

If you haven't migrated all of your users to roles before May 1, 2025, then your permissions are automatically converted to roles and assigned to a user or a user group. This conversion doesn't change your users' access, but it does create a unique role for each unmigrated user that you might want to customize.

Users that aren’t yet migrated display a Legacy access badge in the Users section of your Shopify admin settings. You can filter and sort your users by Legacy access to display all users that need to be migrated.

Steps:

  1. From your Shopify admin, click Settings > Users.
  2. Click a user with the Legacy access badge.
  3. Optional: In the Legacy access section, review the user's legacy permissions.
  4. In the Roles section, click + Assign, and then click the role that you want to assign to the user.
  5. Click Save.

POS access

If you have the Shopify Point of Sale (POS) sales channel, then you need to create a custom role in the Users section of your store settings with POS permissions to grant POS access to staff members.

Create a custom user role, and then select the POS permissions that you want to grant for the custom user role. You manage permissions for your POS staff in the POS sales channel in your Shopify admin.

Learn more about managing POS staff.

Can’t find the answers you’re looking for? We’re here to help.