Permissions
Enabling individual permissions for a role, and then enabling configured roles for users, is an easy process in the Order Management System (OMS) Admin.
Managing permissions
In the Permissions section of the System menu you can access both the Users view, where you create a new user, and the Roles view, where you set permissions for a user. Both roles and users are fully configurable to meet your unique permissions needs.
Roles
A role defines which actions a user is able to execute within the system. Create roles first, then assign the roles you created to new or existing users.
Hierarchy
An administrator should be granted a role with a value of 1 in the Hierarchy field, which gives them the permissions to create additional roles for others as needed.
With this permission they have the access to define role names and check permissions for users per role.
The following rules apply to hierarchy levels:
- Roles with a hierarchy of
1have the ability to view other roles with a hierarchy of1, as well as all roles with a hierarchy greater than1. - Roles with a hierarchy of
2are not able to view roles with a hierarchy of1or other roles with a hierarchy of2. They can only see roles with a hierarchy of3. - Roles with a hierarchy of
3are not able to view any roles in the Roles view.
Once roles have been defined (see the Add a role section below) a new user can be created and assigned to the role.
Add a role
To add a new role:
- Click System > Roles.
-
Click Add Role.
- Add a name for this role and set the hierarchy.
- Tick the applicable Resources section options for this role.
-
Tick None, All Sales Channels, or Specific Sales Channels to select which, if any, sales channels this role should have access to.
If Specific Sales Channels is selected, search for and select, or tick, the desired channel options and click Done.
If All Sales Channels is selected for a role and a new sales channel is created on the system, all users with this role will have access to it automatically without having to update the list of sales channel for that role
-
Click Create.
When you navigate back to the Roles page a list of all the Roles that have been created will be displayed.
Delete a role
To delete a role:
- Click System > Roles.
- Click Delete for the role you want to remove.
Modify a role
To modify an existing role:
- Click the name of the role in the left-hand column of the Roles page.
- Edit the Name, Hierarchy, Resources, or Stores options as desired.
- Click Update.
You cannot filter information by source and store, so you must define one of them. If a user has one or more sources selected as part of their defined role, all active pages as defined for the role will only show details for the selected sources.
Typically, omnichannel users are interested in source filters and single channels users are interested in store-level filters.
Users
A user is an individual that has a particular role within an specific environment. A user can perform actions based on their configured role, and they can see relevant information based on the permissions assigned to them via their role.
Once a new role is created you can create a new user and assign a role to the user.
When creating a user, it is important to specify which sources the user has access to: None, or Specific Sources.
If Specific Sources is selected, search for and select, or tick, the desired channel options and click Done.
If All Sources is selected for a user and a new source is created on the system, the user will have access to it automatically without having to update the list of sources for that user
For instance, a store associate role will most likely be interested in only seeing orders that have been sourced to their applicable source (the one designated for their store), so will only need access to that source.
You can add a user via:
- The OMS Admin panel.
- An uploaded template.
Add user through Admin panel
To add a user in the Admin panel:
- Click System > Users.
- Click Add User.
-
Fill in the following information per the user’s specifics:
- Copy from (optional)—Copy user information from an existing user
- User name–Create a user name
- E-mail—Add the user’s email
- Timezone—Configure the appropriate timezone
- Role—Choose their role, such as Super Admin, Admin, Store assistant, Customer service agent, etc.
-
Allow access Sources—Select the applicable sources for the user: None, All Sources, or Specific Sources. By default, None will be selected.
If you selected None, the user will not have access to any source and pages with source filtering capabilities will display an error message.
If you selected All Sources, there is no source restriction for the user. When a new source is created, the user will automatically have permissions to see related data for the pages they have access to.
If you selected Specific Sources, search for and select, or tick, the desired options and click Done.
When assigning sources to a user (or updating a current user), you will only see sources available for the User role you selected.
The new user will receive an email from the OMS Admin User Service containing a password reset link. To access the Admin interface, new users are required to reset their password.
When you navigate back to the Users page you will see a searchable list of all configured users, showing user name, e-mail, user role, and whether or not they are active roles.
Add/update user by uploading template
This option is ideal if you want to create many users at one time.
To add a user by uploading a template:
- Click System > Users.
- Click Upload users.
-
Click Download template and populate it with multiple user’s information to do a bulk upload and configuration of a set of users, or to update existing users.
CSV template file fields
Columns Description Example Important Username Name the user will use to access the UI storeAssistant21 Do not use spaces E-mail Email that will be use to manage the user’s account, reset the password, and send any email storeAssistant21@site.com - Enabled Defines whether user is active; for use in deactivating multiple users at the same time 1/0 Available values are 0 (not active) or 1 (active) Access all sources Define user access to all sources for this client to avoid having to select from many sources 1/0 Available values are 0 (source restriction) or 1; access to all sources requires ALL_SOURCES, accessTimezone Timezone in which the user is located UTC - Role Defines the actions the user can perform and available access to the UI Corporate Super Admin roles are for use by internal Magento users Sources Comma separated list of sources the user will have access to (external ID) WAREHOUSE, test-store Column must list external ID of sources Action Indicates whether you are updating or creating a new user Create/Update - 
-
Click Choose File, select your edited template, and click Upload.
The new users will receive an email from the OMS Admin User Service containing a password reset link. To access the Admin interface new users are required to reset their password.
You can also edit existing users by clicking Download CSV and editing the information as explained.
When you navigate back to the Users page you will see a searchable list of all configured users, showing user name, e-mail, User role, and whether or not they are active roles.
Configuration
Currently, there are two different permissions models: User Restriction Filter and Restriction based on both and Sources and Sales Channels settings.
User restriction filter
The UserRestrictionFilter configuration, for which the value can be source or store, will define which of the values will be used to filter the information in the Admin.
You cannot filter information by source and store, so you must define one of them. If a user has one or more sources selected as part of their defined role, all active pages as defined for the role will only show details for the selected sources.
Typically, omnichannel users are interested in source filters and single channels useres are interested in store-level filters.
Restrict Access Considering both, Sources, and Sales Channels settings
This new configuration allows for the flexible assignment of sources and channels.
OMS Admin pages are filtered based on User - source permissions and Role - sales channel permission when the new RestrictionBySourceAndSalesChannel configuration is enabled.
This is the filter applied to each page:
| By Source | By Sales Channel | By Source OR Sales Channel |
|---|---|---|
| Dashboard—(in-store pickup (ISPU), ship from store (SFS), Sales Operations, and Pending Arrival) Sales Reports—Pick declined System Fulfillment—Sources Product Inventory—Manual Stock Update |
Sales—Operations (Pre-order, Backorder, Exception & Sourcing Queue, and Refund intervention) | Dashboard—Operations dashboard Order details view Sales—Orders Customer Service—Orders |
It is easy to see when a page is filtered only by Source (column one) and only by Sales Channel (column two) but, what does it mean when a page is filtered by Source or Sales Channel (column 3)?
- We validate if the user has access to the Sales Channel of the order. If this validation fails, then we check the user access to any of the sources of the order by using the shipment requests.
- If a user has a role with access to the Sales Channel of the order, they will see the details of the entire order (regardless of their access to the source).
- If an order has at least one line that is ISPU with collection in the source, then the user will have access to the full order.
-
If an order has at least one line that is/was sourced to the source (and not pick declined) then the user will see the details of the entire order (regardless of their access to the source). If the shipment request was fully pick declined, it shouldn’t be considered.
Example: The Store A store associate, who only has access to source A and no Sales Channel can see orders that were allocated to source A. If the order is fully pick declined from source A, this store associate will not see it.
-
If a user has a role with no access to any Sales Channel and the order is in the “Pending First Shipment Request” status, the user will see a 403 error.
These definitions are enabled and configured in your System Integrator (SI) Portal, which is not yet accessible externally. Contact Magento Support for assistance.
Examples of typical configurations for different personas
| Role | Sources | Sales Channel | Filters |
|---|---|---|---|
| Omnichannel Manager | All | All | Sees everything |
| Sales Channel Manager or Customer Service Representative | No | 1 | - Sees only orders affected to his Sales Channel. - Will not use the store fulfilment screens. - The CSR has more restrictions on pages than the SCM. |
| Store Associate (Internal) | 1 | All | - Uses store fulfilment screens for their own store. - Will be able to see all the orders. - Sees the source inventory of all sources (if given access to the Source Stock page). |
| Store Associate (Franchise) | 1 | 1 | - Uses store fulfilment screens for theikr own store. - Sees only orders that are affect their store or were shipped/collected from their store (partially or fully). - Sees the source inventory of all sources (if given access to the Source Stock page). |
View un-sourced orders
In the past, if a role needed to have visibility to orders that have not yet been sourced (such as orders pending sourcing, backorders, and pre-orders) the role was required to have access to all Sales Channels/Sources.
To achieve this, there was a Allow access to all Sales Channels/Sources configuration in the user view, which allowed visibility to those orders without applying filters.
New clients will not have access to this configuration. They will use the new way of configuring User Roles and Permissions instead:
- Existing clients will have the configuration enabled but hidden in the OMS Admin. The AccessToAllSources option will be enabled (not the AccessToAllSalesChannels option, because it could give additional permissions to other users that the merchant does not want because the Sales Channels are configured at the role level instead of the user level).
- If an existing user with this enabled configuration changes from All to None or Specific User, the AccessToAllSalesChannelsAndSources option will be disabled and this user will need to use the new configuration.
- If an existing role with this enabled configuration changes from All to None or Specific Role, the AccessToAllSalesChannelsAndSources option will be disabled and this user will need to use the new configuration.
Available individual permissions
There are several different areas of permissions, as detailed in the sections and tables below.
Sales Management
| Manage orders | Access to the Sales > Orders page |
| Manage pre-orders | Access to see the Pre-order Dashboard |
| Export order data | Capability to export information XML/CSV in the Sales section |
| Manage payment authorizations | Permissions to enable visibility of the payment details of an order |
| Manage backorder | Access to see the OMS Admin Dashboard |
Customer Service
| Manage Orders | Access to the Customer service > Orders pages |
| Export order data | Capability to export information XML/CSV from the Customer service section |
| Cancel line | Display cancel button and allow cancellation of order lines |
| Request returns | Access and permission to manually request a return from the OMS Admin |
| Approve returns | Access and permission to manually approve a return if the flow is configured to require an approval |
| Approve refunds | Access and permission to manually approve a refund if the flow is configured to require an approval |
| Cancel refunds | Access and permission to manually cancel a refund if the flow is configured to require an approval |
| Request appeasement | Access and permission to manually request an appeasement of a specified amount |
| Request reshipment | Access and permission to request an order re-shipment |
| Request exchange | Access and permission to request an order exchange |
| Release refunds | Permission to request a release of a refund |
| Exchanges | Permission to request an exchange |
| Resend emails | Access and permission to resend any selected email |
See Customer Service user guide for more information on this OMS Admin page.
Order Modification
| Update Shipping Address | Capability to manually update shipping address |
| Update Custom Attributes | Capability to manually update custom attributes |
Stock Management
| Source Engine | Provides visibility to: - The queue of orders pending sourcing - The order exceptions pending sourcing as overdue |
| Manage inventory | Display the stock information for each SKU and source; the user can also see historical information for any stock change (such as past updates to the stock quantities) |
| Manage stock aggregates | Allows the user to display, create, and update the configured sales channels and stock aggregates. From the stock aggregates page the user can update which sources are associated to the aggregate (meaning will provide the stock to be aggregated for the final available to sell stock for the frontend provider). The safeties stock at aggregate level can be configured for each item status (default, outlet, end of life). |
| Manage sources | Access to create a new source, update existing source information, upload from a CSV a list of sources, and define the allocation waves per each source |
| Manual stock update | Allows a user to manually change the stock of any given SKU for a specific source from Admin for use for very specific updates, given the stock snapshot processes will override the manual changes |
Omnichannel Management
| Manage ship from store orders | Access to: Home page > Ship From Store Dashboard Dashboard > Ship From Store Dashboard Sales > Ship From Store |
| Manage ISPU orders | Access to: Home page > In-store Pickup Dashboard Sales > In Store Pick Up Sales > Orders: from this page on the pick list “view” page users will be redirected to the ISPU pick list Sales > Orders > Order overview: access to the pick list(s) from several links |
| Pending arrival | Access to: Sales > Pending arrival: required for Ship to Store (STS) |
| ISPU dashboard | Access to: Dashboard > In-Store Pickup (ISPU) Dashboard |
| ISPU Configuration | Access to: System > In-Store Pickup (ISPU) Dashboard: configurations to define pick and customer decline reasons |
Reports
| Reports | Access to download csv reports within a defined date range: - Master order - Shipments - Returns - Refunds |
Configuration
| Manage catalog | Provides visibility into all items and options created in the OMS catalog and allows to manually create new items/options. From the item page the user can see the stock available for the specific SKU for each one of the sources |
| Manage users | Access to: System > Users |
| Manage roles | Access to: System > Roles: users with permissions to this page will be able to update roles with the limitation of the hierarchy as a user will never be able to make a role with a higher hierarchy as his own. |
Internal Tools
| Developer Tools | - |
| Events | - |
| API Journal | - |
| Force Shipment | - |
| Force Soft Allocation | - |
| Extensions | - |