- Documentation >
- Permissions >
- Policies
Policies
Policies are the main building block of the permissions system.
Each role you assign to user or user group consists of policies which define, which parts of the application or website the user has access to.
Available policies
Access to all functions
Module |
Function |
Effect |
Possible limitations |
* |
* |
all modules, all functions: grant all available permissions |
|
Tip
For each module, all functions can be given without limitation.
For example, content/*
gives access to all functions of the content
module, even future ones.
Administration and user management
Activity log
Module |
Function |
Effect |
Possible Limitations |
activity_log |
read |
access activity list |
ActivityLogOwner |
AI actions
Module |
Function |
Effect |
Possible Limitations |
action_configuration |
view |
view AI Action |
|
|
create |
create a new AI action |
|
|
edit |
edit an AI action |
|
|
delete |
delete an AI action |
|
|
execute |
execute an AI action |
|
Customer groups
Module |
Function |
Effect |
Possible limitations |
customer_group |
create |
create a customer group |
|
|
delete |
delete a customer group |
|
|
edit |
edit a customer group |
|
|
view |
view customer groups |
|
Personalization
Module |
Function |
Effect |
Possible limitations |
personalization |
edit |
modify scenario configuration for selected SiteAccesses |
Personalization access |
|
view |
view scenario configuration and results for selected SiteAccesses |
Personalization access |
Roles
Module |
Function |
Effect |
Possible limitations |
role |
assign |
assign roles to users and user groups |
|
|
create |
create new roles |
|
|
delete |
delete roles |
|
|
read |
view the roles list in Admin. Required for all other role-related policies |
|
|
update |
modify existing roles |
|
Setup
Module |
Function |
Effect |
Possible limitations |
setup |
administrate |
access Admin |
|
|
install |
unused |
|
|
setup |
unused |
|
|
system_info |
view the System Information tab in Admin |
|
Sites
Module |
Function |
Effect |
Possible limitations |
site |
change_status |
change status of the public accesses of sites to Live or Offline in the Site Factory |
|
|
create |
create sites in the Site Factory |
|
|
delete |
delete sites from the Site Factory |
|
|
edit |
edit sites in the Site Factory |
|
|
update |
update sites in the Site Factory |
|
|
view |
view the "Sites" in the top navigation |
|
Users
Module |
Function |
Effect |
Possible limitations |
user |
activation |
unused |
|
|
invite |
create and send invitations to create an account |
|
|
login |
log in to the application |
|
|
password |
unused |
|
|
preferences |
access and set user preferences |
|
|
register |
register using the /register route |
|
|
selfedit |
unused |
|
Commerce
Cart
Module |
Function |
Effect |
Possible limitations |
cart |
create |
create a cart |
CartOwner |
|
delete |
delete cart, for example, after successful checkout |
CartOwner |
|
edit |
change cart metadata (name, currency, owner), add/remove cart items |
CartOwner |
|
view |
view a cart |
CartOwner |
Checkout
Module |
Function |
Effect |
Possible limitations |
checkout |
create |
create new checkout, for example, after workflow fails to complete |
|
|
delete |
delete checkout, for example, after workflow completes successfully |
|
|
update |
change currency, quantity |
|
|
view |
access checkout |
|
Currencies and regions
Module |
Function |
Effect |
Possible limitations |
commerce |
currency |
manage currencies |
|
|
region |
manage regions |
|
Orders
Payments
Payment methods
Module |
Function |
Effect |
Possible limitations |
payment_method |
create |
create a payment method |
|
|
delete |
delete a payment method |
|
|
edit |
modify a payment method |
|
|
view |
view payment methods |
|
Segments
Segment groups
Module |
Function |
Effect |
Possible limitations |
segment_group |
create |
create segment groups |
|
|
read |
load segment group information |
|
|
remove |
remove segment groups |
|
|
update |
update segment groups |
|
Shipments
Shipping methods
Module |
Function |
Effect |
Possible limitations |
shipping_method |
create |
create a shipping method |
|
|
delete |
delete a shipping method |
|
|
update |
modify a shipping method |
|
|
view |
view shipping methods |
|
Content management
Content
Content types
Module |
Function |
Effect |
Possible limitations |
class |
create |
create new content types. Also required to edit exiting content types |
|
|
delete |
delete content types |
|
|
update |
modify existing content types. Also required to create new content types |
|
Sections
Module |
Function |
Effect |
Possible limitations |
section |
assign |
assign Sections to content |
content typeSectionOwnerNew Section |
|
edit |
edit existing Sections and create new ones |
|
|
view |
view the Sections list in Admin. Required for all other section-related policies |
|
Object States
Taxonomy
Module |
Function |
Effect |
Possible limitations |
taxonomy |
assign |
tag or untag content |
|
|
manage |
create, edit, and delete tags |
|
|
read |
view the Taxonomy interface |
|
Workflow and version comparison
Module |
Function |
Effect |
Possible limitations |
comparison |
view |
view version comparison |
|
workflow |
change_stage |
change stage in the specified workflow |
Workflow Transition |
PIM
Catalogs
Module |
Function |
Effect |
Possible limitations |
catalog |
create |
create a catalog |
|
|
delete |
delete a catalog |
|
|
edit |
edit a catalog |
|
|
view |
view catalogs |
|
Products
Product types
Module |
Function |
Effect |
Possible limitations |
product_type |
create |
create a product type, a new attribute, a new attribute group, and add translation to product type and attribute |
|
|
delete |
delete a product type, attribute, attribute group |
|
|
edit |
edit a product type, attribute, attribute group |
|
|
view |
view product types, attributes and attribute groups |
|
Combining policies
Policies on one role are connected with the and relation, not or, so when policy has more than one limitation, all of them have to apply.
If you want to combine more than one limitation with the or relation, not and, you can split your policy in two, each with one of these limitations.