An Admin Group is a set of Users who work with you. The Everyone Group is a default Group that all can belong to. Depending on your needs, you can create additional Admin Groups, each with different access to the
Pressero system.
To create a new User Group, select the “Add New Group” link. To edit a Group, select the pencil icon beside the Group Name.
◦ In Preferences > Admin Groups, you can create special Groups of Users that have limited access to the Pressero Administration area. Some Admin Groups can be permitted to add and edit the Pages of your Sites, or set Broker controls, or view orders from all customers, etc.
◦ Sites also have a Site Groups control, specific to that Site.
Four Permission Principles
1. Avoid using Deny. In most cases, use Not Set instead. Not Set means the permission is Off.
2. Permissions can apply across Groups.
• A "Not Set" permission means the user is not granted the permission unless Allowed in another group they belong to. When the User is a member of two Groups with one group set to Allow and the
other set to Not Set, Allow will over ride Not Set.
• A "Denied" permission is ALWAYS denied. When the User is a member of two Groups with one group set to allow and the other set to Deny, Deny will over ride Allow.
3. Higher (stronger) level permissions when Denied will override lower level permissions that are Allowed.
For example, if the higher level "Can manage sites" is Not Set or Denied, and it's lower level "Can manage content pages" is Allowed, the group member will not be able to change content pages.
4. A permission Allowed at a higher (stronger) level will grant all permissions underneath it unless they are set to Denied.
5. Permissions can be granted globally (all sites), or on a per site basis instead. For example, you can have an Admin Group named "Bluestore Admins" where "Can manage sites" is Allowed only for the Bluestore site. That way the Bluestore Admins group can do everything for the Bluestore site, but nothing for the Redstore site. Store specific permission settings like this are done in the store's admin area (Sites > Site Groups > Admin Groups). See more site specific examples below
Permission Levels for Admin Groups
The more indented a permission is below, the "stronger" (i.e., higher) level it is. Remember, a permission
Allowed at a higher level will grant all permissions underneath it except those set to Denied. A permission Denied at a higher level will deny all permissions underneath it, regardless of whether those permissions are Allowed.
1. Can manage all subscriber settings
(a) Ability to Manage Settings(b) Can manage all users (c) Can manage brokers (d) Can manage sites
i. Can manage inventory stock items and transactions ii. Can view and edit orders
A. Can view orders
iii. Can manage content pages iv. Can manage products v. Can manage promotions vi. Can manage site menus
Referring to the hierarchy above, if 1. is set to Denied, then any Allowed permissions for a-d, and i.-vi. will be ignored and be Denied instead.
• So if the higher level 1. "Can view and Edit orders" is set to Denied, a lower level 1 (d) ii. A. "Can view orders" set to Allowed will be over ridden. The Group member will not be able to view orders, nor edit them.
• Likewise, if 1 (d) iv. "Can manage products" is set to Allowed, but the higher level 1 (d) "Can manage sites" is set to Denied, Allowed will be over ridden and the Group member will not be able to add or edit products.
On the other hand, if 1. is set to Not Set, then permissions for (a-d), and i.-vi. that are Allowed will be used. "Not Set" in this context is treated as a conditional "Denied, unless it is Allowed"
• So if "Can view orders" is set to Allowed, but "Can view and Edit orders" is set to Not Set, Allowed will be used and the Group member will be able to view orders, or edit them.
• Likewise, if "Can manage products" is set to Allowed, but it's higher level "Can manage sites" is set to
Not Set, the Group member will be add or edit products.
Permissions that are being Allowed will display a green background. Permissions explicitly Denied will display a red background, while Not Set will display a white background because it is a conditional "Not Allowed".
Store Specific Admin Permissions Example Scenario:
Two stores: Bluestore.com and Redstore.com
Four Admin Groups: "Owner", "Order CSRs", " Bluestore Admins", "Blue Nonpromos"
Below are Admin Group Permissions:
(see Permission Levels for Admin Groups above for numbering hierarchy) Owner Group ( allowed to do everything)
1. "Can manage all subscriber settings" - Allowed (this will be global - all sites) (a)-(d), and i.-vi. permissions - Not Set
The practical result is members of the Owner Group are allowed to do everything Order CSRs Group (view and edit any order regardless of site)
(a). "Ability to Manage Settings" - Allowed (this will be global - all sites) ii. "Can view and edit orders" - Allowed (this will be global - all sites) All other permissions - Not Set
This means that Order CSRs can view and edit any order regardless of site. They also can set their own password.
Bluestore Admins Group (can manage every aspect of Bluestore, but nothing in Redstore) (a). "Ability to Manage Settings" - Allow (this will be global - all sites)
(d). "Can manage sites" - Not Set in Preferences, Allowed in Bluestore site only (set at Sites > Bluestore > Site Groups > Admin Groups)
All other permissions - Not Set
This means that Bluestore Admins can manage every aspect of Bluestore, but nothing in Redstore. They also can set their own password. They cannot manage Admin users, brokers, pricing engines, etc.
Blue Nonpromos Group
(a). "Ability to Manage Settings" - Allow (this will be global - all sites)
(d). "Can manage sites" - Not Set in Preferences, Allowed in Bluestore site only (set at Sites > Bluestore > Site Groups > Admin Groups)
v. "Can manage promotions" - Not Set in Preferences, Denied in Bluestore (set at Sites > Bluestore > Site Groups > Admin Groups)
All other permissions - Not Set
This means that Blue Nonpromos can manage every aspect of Bluestore EXCEPT promotions. Nothing on Redstore. They can also set their own password. They cannot manage Admin users, brokers, pricing engines, etc.