Assigning sensitive legacy permissions to users

As the store owner, you automatically have permissions that let you access private store data, such as your personal banking information, other financial information, and customer data. These permissions are known as sensitive permissions. As you grow your business, you might want to delegate certain tasks to staff members that require them to have access to your private store data.

You can do the following by giving sensitive permissions to your staff members:

  • spend less time managing your business, and spend more time developing your business
  • delegate some workflows, such as GDPR requests and updating payment settings
  • feel more confident about activating 2-step authentication for your account, which makes your account less vulnerable
  • distribute sensitive tasks across several staff members so that no single staff member's account is vulnerable
  • release ownership of your store without complications

Sensitive permissions

The following permissions expose private store data:

  • Customers > Request data
  • Users > Edit permissions (deprecated for role-based access control)
  • Finance > Edit billing payment methods and pay invoices
  • Finance > Manage other payment settings

Tasks that only the store owner can perform

A Shopify store can only have one store owner. It's usually the person who opened the store. You can check who’s listed as the store owner by clicking Settings > Users in your Shopify admin. Email messages from Shopify are sent to the store owner’s email address.

The following actions are available only to the store owner regardless of which sensitive permissions have been given to staff members:

Additionally, some optional or early access features that require Shopify Support's assistance to activate must be requested by the store owner.
