Migrating users in your store to the role-based access control model
With the role-based access control model, you can assign roles to users.
The user role represents the user's job in your store and contains all the granular permissions for the user to do their job. When a role is assigned to a user, the associated permissions are granted to the user. When a role is removed from the user, the permissions are also removed. One or multiple roles can be assigned to a user. These roles grant the user the accumulative permissions from all the roles. This means that you can accurately and uniformly change user permissions through their role and reduce instances where a user is accidentally given permissions that aren't part of their job.
There are two types of predefined user roles available: system roles and custom roles. System roles are predefined roles and can't be edited. Custom roles are predefined roles that you can edit to suit your business needs. You can also create custom user roles. Learn more about the available predefined user roles and creating roles.
User access changes
Review the following exceptions to understand how your existing user management permissions will be affected:
- Staff members who have been granted all available permissions are automatically migrated to the Administrator role.
- User management permissions are deprecated. To grant user access permissions with the role-based access control model, you can assign the user the Administrator role. Learn more about system roles.
Migrating users to the roles-based access control model
When your store migrates to the role-based access control model, your existing user access remains unchanged with some exceptions to user management permissions.
You can directly assign a role to a user. After you assign a role to the user, the permissions in the role replace the previous permissions and migrate the user to roles.
You can assign users to predefined roles, or create a new role from the legacy group's existing permissions.
Users that aren’t yet migrated display a Legacy access badge in the Users section of your Shopify admin settings. You can filter and sort your users by Legacy access to display all users that need to be migrated.
Steps:
From your Shopify admin, go to Settings > Users and permissions.
Click a user with the Legacy access badge.
In the Legacy access section, click the … button next to the name of one of the stores, and then click Create role.
-
In the Create role from existing store permissions dialog, add the following information:
- Add a name for the role.
- Optional: Add a description to the role.
- Optional: Make any adjustments to the permissions.
Click Save to create the role.
Select stores to assign store access for the role.
Click Done.
Click Save.
In the Replace legacy permissions dialog, click Replace and save.
POS access
If you have the Shopify Point of Sale (POS) sales channel, then you need to create a custom role in the Users section of your store settings with POS access permissions to grant POS access to staff members.
Create a custom user role or modify a default role, select the POS access permissions that you want to grant for the user role, and then assign that role to users to grant them POS access. After you assign the role to a user, the user is automatically assigned to the default Associate role.
You can manage the following user information for POS staff from the POS app or POS sales channel:
- Manage the user's PIN
- Assign the user a different POS role
- Create and manage POS roles