# Roles

## Overview

Roles define what an admin can **view** and **modify** in the Admin Panel.\
Use roles to give teams the access they need, and nothing else.

When your tenant is created, you get a **Super Admin** role with full access.\
Create additional roles for Support, Marketing, Operations, partners, and more.

Create the role first.\
Then assign it to admins.

{% hint style="info" %}
With restricted roles, some pages can return **403** when access is missing.
{% endhint %}

* **View** permissions let admins read data only.
* **Modify** permissions let admins create, edit, and delete data.
* Anything not granted is hidden or disabled (grayed out).

<figure><img src="https://2658975168-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcNVX03KZzmrGwJihLiEx%2Fuploads%2Fk7Ji6r1Oo91whh3F94ns%2Fimage.png?alt=media&#x26;token=9b974136-8697-4841-8940-4a4031d0e20c" alt=""><figcaption></figcaption></figure>

***

## 🛠️ Step-by-Step Setup

Follow these steps to create a role and grant access.

{% stepper %}
{% step %}

### Navigate to Roles

1. Go to **Settings → Roles**.
2. Click **+ ADD ROLE**.
   {% endstep %}

{% step %}

### Fill in basic details

* **Role name**
* **Default** (optional) for LDAP-created admins
  {% endstep %}

{% step %}

### Add permissions

1. Click **+ ADD PERMISSION**.
2. Pick **Access**: `View` or `Modify`.
3. Pick a **Resource**.

{% hint style="warning" %}
Always grant **View - Stores** for new roles.\
Without it, assigned admins can’t use the Admin Panel.
{% endhint %}
{% endstep %}

{% step %}

### (Optional) Restrict tenants

Use **Add tenant** to scope the role to specific tenants.\
Only **Super Admin** can manage tenant assignment.
{% endstep %}

{% step %}

### Save and assign the role

1. Save the role.
2. Assign it in **Settings → Admins**.
   {% endstep %}
   {% endstepper %}

<figure><img src="https://2658975168-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcNVX03KZzmrGwJihLiEx%2Fuploads%2FmtnrUwRUfHWfIAysZxD1%2Fimage.png?alt=media&#x26;token=4f84b53a-7eba-4c2f-bc7c-5e304863d5ea" alt="" width="563"><figcaption></figcaption></figure>

***

## ✏️ Manage roles

{% stepper %}
{% step %}

### Open the role menu

In the Roles table, open the **⋮** menu.

<div align="center"><figure><img src="https://2658975168-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcNVX03KZzmrGwJihLiEx%2Fuploads%2F5mP9P0aipwhmXRHS25dX%2Fimage.png?alt=media&#x26;token=076e658d-4d97-441a-a617-314188cdc123" alt="" width="248"><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

### Edit

Use **Edit** to change permissions and tenants.
{% endstep %}

{% step %}

### Duplicate

Use **Duplicate** to copy a role and adjust it.
{% endstep %}

{% step %}

### Delete

Use **Delete** to remove a role.\
This can’t be undone.

{% hint style="info" %}
If admins use the role, reassign them first.
{% endhint %}
{% endstep %}
{% endstepper %}

***

## ✅ Best practices

* Start with `View`. Add `Modify` only when needed.
* Create roles per team. Keep them small.
* Test access with a restricted admin before rollout.