How to create secure and restricted access on PrestaShop?

On 2 July 2021

Throughout the life cycle of your website, many people are likely to intervene from your back office. For security reasons, and to prevent potential irreversible errors, it is very important to manage profiles and permissions in order to allow access only to the necessary elements for each participant.

For this, PrestaShop provides a profile management via the creation of employee accounts by email address and password. This management allows an advanced customization of these permissions to ensure the security of the site.

1. PrestaShop account management

The first thing to do is to determine the number of employee accounts you will need to create. For example, you can create an account for each person within your company who will need access to the back office. 

Then, depending on the external contributors, you can create an account for each of them: development agency, webmarketing agency, etc.

We are going to walk you through the creation process step by step. We will use the latest version of PrestaShop (PrestaShop 1.7). The differences with older versions are mainly in the naming of elements.

Go to CONFIGURE > Advanced Parameters > Team

Here, several tabs are available to you. The one that interests us here is the “Employees” tab. It is from this tab that you can add a new employee.

Click on the “+” at the top right of your screen to add a new employee. You will then be able to create a new account by filling in the following information:

  • First name
  • Last Name
  • Email address
  • Password
  • Permission profile

By filling in the first and last names correctly, you will know exactly who made the changes to the site.

The email address and password will allow the employee to log into the back office.

The permission profile will determine which parts of the back office will be accessible to the user. This is the most important setting.

2. Profile management on PrestaShop

Profiles are managed in the second tab (Profiles) of the PrestaShop Team page. Here, you can categorize the different employee accounts you have created. By default, the Super Admin has access to all the tabs of your site's administration menu. You can then restrict the actions available to each profile type.

PrestaShop offers by default four profiles that can be used as such:

SuperAdmin: this profile has full access and installation rights on PrestaShop, as described above.

Logistician: this profile can access the orders, carriers and stock management pages. The rest of the back office does not appear when the employee logs in.

Translator: this profile can access products, categories and CMS content.

Salesman: this profile can access products, categories, CMS content, customer pages and, most importantly, modules and web services.

These profiles are quite effective and sufficient for managing your company’s internal permissions. However, they fall short for external contributors, who need personalized and varied access to specific parts of the site.

You are free to create custom profiles for each person. An SEO contributor will surely need access to modules in addition to the catalog, as well as to the advanced parameters of the site for example.

In order to manage the different permissions of each profile, we will focus on the last tab of the Team page: permissions.

3. Permission management on PrestaShop

Profile permissions are the access rights and actions allowed for each profile you have created. Although PrestaShop's default profiles come with preset permissions, you can still customize them from this tab.

For newly created profiles, all access permissions will be set from this tab.

The only profile for which the permissions cannot be modified is the Super Admin profile.

For each of the other profiles, you will be able to manage access in a very precise way according to the following permissions:

  • View
  • Add
  • Edit
  • Delete
  • All

We advise you to take the necessary time to customize these permissions to avoid unpleasant surprises. Avoid giving editing or deleting permissions to too many people in order to keep total control over the security of your site. Prefer view and add access for everything related to the catalog. 

Once all these elements are configured, return to the first tab, “Employees”. Open each account and set the “Permission profile” field, selecting one of the profiles whose permissions and authorizations you have just configured.
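To check the result of this configuration without clicking through every profile, the following audit queries, added here and not part of the original article, list who holds the Super Admin profile, which tabs each other employee's profile may edit or delete, and which profiles are unused. They assume the default ps_ table prefix and the PrestaShop 1.7 tables ps_employee, ps_profile, ps_profile_lang, ps_access and ps_authorization_role (whose slug column holds values such as ROLE_MOD_TAB_ADMINPRODUCTS_DELETE), which you should verify against your own database before relying on them.

```sql
-- Assumption: default "ps_" prefix and the PrestaShop 1.7 schema as
-- described in the lead-in; id_profile = 1 is the Super Admin profile
-- and id_lang = 1 is the shop's default language.

-- 1. Active employees holding the Super Admin profile: keep this list short.
SELECT e.id_employee, e.firstname, e.lastname, e.email
FROM ps_employee e
WHERE e.active = 1
  AND e.id_profile = 1;

-- 2. For every other active employee, the back-office tabs on which the
--    assigned profile may edit (UPDATE) or delete (DELETE). Compare this
--    with the "view and add only" rule recommended for the catalog above.
--    The tab name is the part of the slug between ROLE_MOD_TAB_ and the
--    final _<PERMISSION> suffix.
SELECT e.email,
       pl.name AS profile,
       SUBSTRING_INDEX(SUBSTRING(r.slug, LENGTH('ROLE_MOD_TAB_') + 1), '_', 1) AS tab,
       SUBSTRING_INDEX(r.slug, '_', -1) AS permission
FROM ps_employee e
JOIN ps_profile_lang pl      ON pl.id_profile = e.id_profile AND pl.id_lang = 1
JOIN ps_access a             ON a.id_profile = e.id_profile
JOIN ps_authorization_role r ON r.id_authorization_role = a.id_authorization_role
WHERE e.active = 1
  AND e.id_profile <> 1
  AND r.slug LIKE 'ROLE_MOD_TAB_%'
  AND (r.slug LIKE '%\_UPDATE' OR r.slug LIKE '%\_DELETE')
ORDER BY e.email, tab, permission;

-- 3. Profiles with no employee assigned: candidates for removal, since an
--    unused profile with broad rights is one mis-click away from being granted.
SELECT p.id_profile, pl.name
FROM ps_profile p
JOIN ps_profile_lang pl ON pl.id_profile = p.id_profile AND pl.id_lang = 1
LEFT JOIN ps_employee e ON e.id_profile = p.id_profile
WHERE e.id_employee IS NULL;
```

Run these read-only queries periodically, for example after each onboarding or offboarding of an agency, and re-check the Super Admin list in particular.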

Managing secure access is only the first step in maintaining the security of your site. We also advise you to have each participant work on a secure clone of your store, regardless of their profile. For this, we recommend the Parachute solution, which will also let you track all the modifications made on this pre-production environment and validate them before they are published to your live site. You will thus avoid many bad surprises!