E-Commerce Role Based Access Control Management

Setting up E-Commerce Role Based Access Controls

Safeguarding your business assets is imperative and the segregation of duties can help you achieve better internal controls. This blog post further examines role based access control management from the e-commerce perspective. We will review the setup of the store manager for an e-commerce system.

Review E-commerce Store Manager Setup

For the purpose of this sample setup, the store manager will have functionality to oversee and perform all transactional data and reporting. The store manager will not be setup for system settings which includes making changes to tax rules and payment gateways. In addition, the store manager will not be permitted to delete any records.

1. Select Store Access including Orders, Coupons and Reports


Setup settings and system status are not required for our store manager to do his/her job. Restricting these features safeguards and controls payment gateways, tax rules, shipping calculations, and much more. Disallowing the setting options mitigates risk by removing the potential opportunity to make changes to features outside of the mangers role.


2. Review Product Setup Options and Ensure No Restrictions Exist


All options under the products tab are made available based on the manager's role configuration and company policy.


3. Review Additional Product Options


The above features will provide additional settings that will help the store manager increase sales through functions like product specific Search Engine Optimization and on-page sharing. Therefore, these product options will not be restricted to the store manager.


2. Review All Other Settings

woocommerce-user-role-access-setup-04-manage-store-access woocommerce-user-role-access-setup-04-read-edit-delete-post-optionswoocommerce-user-role-access-setup-06-coupon-management

By default, the above list of functionality comes with all options enabled. Under our configuration, we will make some changes to the store manager's role by removing functionality. We will remove all deletion capabilities to ensure that all data is available for audit purposes. Other roles such as purchaser and inventory manager can be configured to ensure duties are segregated. Using IT system controls is an effective way of enforcing segregation of duties and internal controls policies.


Your Path to Success Could Be One Phone Call Away With a Local Marketing Expert
During your 15-minute exploratory chat, there's nothing to buy, but you can share your story about what's going on with your local marketing. We'll share with you what's working, see if and how we may be able to help and answer all of your local search engine optimization questions.
Secure Your Session in One of Our Limited Time Slots
Yes, I Want To book a Free Call Now
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram