Got it 👍 PrestaShop Roles, Profiles & Permissions can feel confusing at first, so let’s break it down cleanly and practically (PrestaShop 1.7 & 8.x).
🔐 PrestaShop Roles, Profiles & Permissions (Explained Simply)
1️⃣ What is a Profile?
A Profile = a user role in the Back Office.
Examples:
- SuperAdmin → Full access
- Administrator → Almost full access
- Salesman → Orders & customers
- Translator → Translations only
- Logistician → Stock & carriers
📍 One employee = one profile
2️⃣ What is a Role / Permission?
A Role defines what a profile can do for each menu or module.
For every section, you can allow:
- 👁 View
- ➕ Add
- ✏️ Edit
- 🗑 Delete
3️⃣ Where to Manage Profiles?
Back Office → Advanced Parameters → Team → Profiles
Default Profiles
| Profile | Typical Access |
|---|---|
| SuperAdmin | Everything |
| Administrator | Almost everything |
| Salesman | Orders, Customers |
| Logistician | Stock, Carriers |
| Translator | Translations |
| Read only | View only |
4️⃣ Create a Custom Profile (Best Practice)
Example: “Order Manager”
- Go to Team → Profiles
- Click Add new profile
- Name it → Order Manager
- Save
5️⃣ Set Permissions (Very Important Step!)
Menu Permissions
Team → Permissions
- Select the Profile
- Configure permissions for:
  - Catalog
  - Orders
  - Customers
  - Modules
  - Design
  - International
  - Advanced Parameters
Example:
| Section | View | Add | Edit | Delete |
|---|---|---|---|---|
| Orders | ✅ | ❌ | ✅ | ❌ |
| Customers | ✅ | ❌ | ❌ | ❌ |
| Modules | ❌ | ❌ | ❌ | ❌ |
📌 Tip: Start with View only, then allow more.
6️⃣ Module Permissions (Often Missed!)
Some modules have their own permissions.
📍 Path:
Team → Permissions → Modules
You can allow:
- View
- Configure
- Uninstall
Example:
- Sales team → Configure orders module
- Tech team → Configure payment modules
7️⃣ Assign Profile to Employees
- Go to Team → Employees
- Add / Edit employee
- Select Profile
- Save
👤 Employee is now restricted correctly
8️⃣ Customer Groups (Different from Profiles!)
⚠️ Important: Customer groups ≠ Employee profiles
Customer Groups:
Shop Parameters → Customer Settings → Groups
Examples:
- Visitor
- Guest
- Customer
- VIP / Wholesale
Used for:
- Discounts
- Prices
- Shipping rules
- Visibility
❌ They do NOT affect Back Office access
9️⃣ Real-World Recommended Setup
🔹 Store Owner
- Profile: SuperAdmin
🔹 Order Processing Staff
- Profile: Custom (Orders + Customers only)
🔹 Content Manager
- Profile: Custom (CMS, Products, Images)
🔹 Developer
- Profile: Admin (No orders/customers)
🔟 Security Best Practices 🔒
- Never give SuperAdmin to everyone
- Disable Modules access for non-tech staff
- Use Read-only for auditors
- Change default admin URL
- Enable 2FA (if module available)
⚠️ Common Mistakes
❌ Giving module access accidentally
❌ Forgetting module permissions
❌ Confusing customer groups with employee profiles
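An added example, not part of the original guide or PrestaShop's own code: a small audit that checks an exported permission set against the best practices and common mistakes above. It assumes grants are exported as PrestaShop authorization role slugs (ROLE_MOD_TAB_<CLASS>_<ACTION> and ROLE_MOD_MODULE_<NAME>_<ACTION>); the sample data, the EXAMPLEPAYMENT module, and the function, parameter and rule names are constructed for illustration.

```python
import re
from collections import defaultdict
# Assumed slug format of PrestaShop 1.7/8.x authorization roles (not shown on the page).
SLUG_RE = re.compile(r"^ROLE_MOD_(TAB|MODULE)_(.+)_(CREATE|READ|UPDATE|DELETE)$")
LABEL = {"READ": "View", "CREATE": "Add", "UPDATE": "Edit", "DELETE": "Delete"}
# Constructed sample export: employees and (profile, role slug) grants.
EMPLOYEES = [
    {"email": "owner@example.test", "profile": "SuperAdmin", "active": True},
    {"email": "intern@example.test", "profile": "SuperAdmin", "active": True},
    {"email": "orders@example.test", "profile": "Order Manager", "active": True},
    {"email": "audit@example.test", "profile": "Read only", "active": True},
]
GRANTS = [
    ("Order Manager", "ROLE_MOD_TAB_ADMINORDERS_READ"),
    ("Order Manager", "ROLE_MOD_TAB_ADMINORDERS_UPDATE"),
    ("Order Manager", "ROLE_MOD_TAB_ADMINCUSTOMERS_READ"),
    ("Order Manager", "ROLE_MOD_MODULE_EXAMPLEPAYMENT_UPDATE"),  # hypothetical module
    ("Read only", "ROLE_MOD_TAB_ADMINORDERS_READ"),
    ("Read only", "ROLE_MOD_TAB_ADMINORDERS_DELETE"),
]

def build_matrix(grants):
    """Turn (profile, slug) pairs into {profile: {(kind, target): {labels}}}."""
    matrix = defaultdict(lambda: defaultdict(set))
    for profile, slug in grants:
        m = SLUG_RE.match(slug)
        if not m:
            raise ValueError(f"unrecognised role slug: {slug!r}")
        kind, target, action = m.groups()
        matrix[profile][(kind, target)].add(LABEL[action])
    return matrix

def audit(employees, grants, tech_profiles, read_only_profiles, max_superadmins=1):
    """Return (rule, detail) findings for the best practices listed above."""
    findings = []
    supers = sorted(e["email"] for e in employees if e["active"] and e["profile"] == "SuperAdmin")
    if len(supers) > max_superadmins:
        findings.append(("too-many-superadmins", ", ".join(supers)))
    for profile, perms in sorted(build_matrix(grants).items()):
        for (kind, target), labels in sorted(perms.items()):
            extra = sorted(labels - {"View"})  # anything beyond View
            if kind == "MODULE" and profile not in tech_profiles:
                findings.append(("module-access-non-tech", f"{profile}: {target}"))
            if profile in read_only_profiles and extra:
                findings.append(("read-only-can-write", f"{profile}: {target} {extra}"))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(EMPLOYEES, GRANTS, {"SuperAdmin", "Administrator"}, {"Read only"}):
        print(rule, "->", detail)
```

The slug parser raises on anything it does not recognise, so a changed export format surfaces as an error instead of a silently clean report.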
