In this section, you will learn how to manage the roles for admins.

Roles overview

The Open Loyalty platform uses roles and permissions to create different levels of access to the Admin Cockpit. When your platform is first installed, you receive a Super Admin role that has full permissions and gives you full administrative access.

However, you can restrict the permissions for other Admin users who work with you. For example, Customer Service may only have access to the Members section, but not to areas with settings.

Due to changes in the ACL, someone with limited access to certain parts of Open Loyalty may receive a 403 error on these pages.


To give someone restricted access to the Admin, the first step is to create a role that has the appropriate level of permissions.

After the role is saved, you can add new Admins and assign the restricted role to grant them limited access to the Admin.

If an Admin user’s access is restricted to specific sections and/or elements, the sections and elements for which they are not authorized will either not be visible to them, or grayed out as inactive.

To open the Roles list, go to Settings -> Roles. You can change the number of rows displayed per page by clicking the arrow icon below the table and picking a number from the list. Here you can either add a new role by clicking the corresponding button or manage previously created roles.

Adding a new role

To add a role:

  1. Go to Settings -> Roles

  2. Click the + ADD ROLE button. The 'Add role' screen opens.

You need to grant the View - Stores permission for any newly created role (by clicking +ADD PERMISSION). Without this permission, an admin assigned to this role will be unable to use the platform after logging in.

Access to specific Tenants can be restricted using the Add Tenant function, which is explained in more detail later in the documentation.

  3. On this screen, fill in all required fields:

  • Please add a descriptive role name.

  • Switch the Default toggle button to the active state (it will change color to purple). If a role is set as default, it will be assigned to any admin user created by logging in via LDAP.

  • Click on the +ADD PERMISSION button:

    • set Access level of permissions to one of the following:

      • Modify: the user can do anything in the platform-specified sections and/or elements

      • View: the user can only read and display the platform-specified sections and/or elements

    • in Resource, select from the dropdown the Admin Cockpit resource to which the Access level chosen in the previous step applies

    • in Query filter, which is optional, you can add a regex filter for URL requests (e.g. /^\api\/campaign\/bought$/)

    To remove a created permission, click the 'X' button.

  • Clicking the 'Add Tenant' button expands the list of available tenants, where you can pick the one you want. To remove an added tenant, click 'X' on the chip with the tenant's name.
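
The Query filter decides which URL requests a permission covers, so it is worth checking a pattern against sample requests before saving the role. The following is an added example, not Open Loyalty code: it assumes the filter is a regular expression tested against the request path, and the function names, paths and patterns are constructed for illustration.

```javascript
// Added example, not Open Loyalty code. Assumption: a Query filter is a
// regular expression tested against the request path. Paths and patterns
// below are constructed samples.

// Parse a "/pattern/flags" literal as typed into the Query filter field.
function parseFilter(literal) {
  const m = /^\/(.*)\/([imsu]*)$/s.exec(literal);
  if (!m) throw new Error(`not a /pattern/ literal: ${literal}`);
  return new RegExp(m[1], m[2]);
}

// Compare what the filter matches with what the role is meant to reach.
function auditFilter(literal, shouldMatch, shouldNotMatch) {
  const re = parseFilter(literal);
  return {
    missed: shouldMatch.filter((p) => !re.test(p)),
    overMatched: shouldNotMatch.filter((p) => re.test(p)),
  };
}

const intended = ["/api/campaign/bought"];
const outOfScope = [
  "/api/campaign/bought/export",
  "/api/campaign/boughtX",
  "/api/settings/api/campaign/bought",
];

// Unanchored: matches any path that merely contains the fragment.
const loose = auditFilter(String.raw`/api\/campaign\/bought/`, intended, outOfScope);
// Anchored with ^ and $: matches the one intended path only.
const strict = auditFilter(String.raw`/^\/api\/campaign\/bought$/`, intended, outOfScope);

console.log("loose  over-matches:", loose.overMatched);
console.log("strict over-matches:", strict.overMatched);
```

A filter without the ^ and $ anchors covers every request whose path contains the fragment, which is broader than a restricted role usually intends.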

Managing roles

To manage already created roles, click the overflow button (the three dots). A short list with 2 options will appear. Here you can edit or delete already created roles.

  • When you click Delete, a confirmation pop-up window will appear where you will need to confirm your action. Please keep in mind that this operation cannot be undone.

  • When you click Edit, you will be taken to the edit screen, where you can expand or restrict the role's permissions or add/delete the related tenant.
