Sensitive permissions
As the store or organization owner, you automatically have permissions that let you access private store data, such as your personal banking information, other financial information, and customer data. These permissions are known as sensitive permissions. As you grow your business, you might want to delegate certain tasks to staff members that require them to have access to your private store data.
Giving sensitive permissions to your users provides the following benefits:
- Spend less time managing your business, and spend more time developing your business.
- Delegate some workflows, such as GDPR requests, and updating payment settings.
- Feel more confident about activating 2-step authentication for your account, therefore, making your account less vulnerable.
- Distribute sensitive tasks across several staff members to ensure that no one staff member's account is vulnerable.
- Release ownership of your store without complications.
Sensitive permissions
Some store-level and organization-level permissions expose private store data.
| Permission | Role category |
|---|---|
| Customers > Request data | Store |
| Finance > Edit billing payment methods and pay invoices | Store |
| Finance > Manage other payment settings | Store |
| Business entities > View > View sensitive information | Organization |
Roles with sensitive permissions
Some roles that are managed by Shopify have access to sensitive permissions. These roles are managed by Shopify and can't be modified.
Store-level and organization-level administrator roles grant access to sensitive permissions for your store or organization. If you have an organization with different store owners, then the store owners also have complete access to any stores that they own. Learn more about administrator roles and owner roles.