User Roles

Your organization most likely employs individuals with expertise in various areas of eCommerce, and they may all need different levels of access to Admin. Roles define a user's level of access in the form of behaviors. There are several default roles that come with Admin, but you can also create custom roles to better fit the needs of your organization.

Note that changes to these settings may not immediately take effect when processing orders. It may take up to 15 minutes for updates to be reflected in the system while the cache refreshes.

How Roles Work

A role is a title given to a user that determines what their account permissions ("behaviors") are. There are a set of default roles that come configured with the Kibo platform, and each role has a set of assigned behaviors already enabled for its users. These behaviors are often the ability to Create, Read, Delete, and Update different datapoints such as products, discounts, promotions, etc.

View all roles under the Roles link in the Permissions tab of the homepage or go to System > Permissions > Roles from the Kibo homepage or elsewhere in Admin. Click a role to view its behaviors, or create a new role.

The Roles page

Create a Role

To create a custom role:

  1. Go to System > Permissions > Roles.
  2. Click Create New Role.
  3. Enter a Name for the role.
  4. Choose a Behavior Category.
  5. Under the Behavior Name heading, select the behaviors you want to add to the role. A summary of the selections for all behavior categories is displayed on the right, under the Selected Behavior heading.
  6. Click Save.The Create New Role module with example selections for Customer and Purchase Order behaviors

Default Roles

Kibo eCommerce comes with default roles that define a user's eligible level of access in Admin in the form of behaviors. You can use these roles to assign responsibilities to members of your organization. 

Default Role List


The default Admin roles and their behaviors are listed below.

  • Admin
    • The Admin role has all the same behaviors of the SuperAdmin role except for the following: Product Code Change, Admin User Create, Admin User Update, Admin User Delete, User Role Create, User Role Update, and User Role Delete.
  • Catalog Manager
    • Product: Product Create, Product Read, Product Update, Product Delete, Product Category Create, Product Category Read, Product Category Update, Publish Product Changes
    • Site: Site Create Content, Site Read Content, Site Update Content, Site Create Document List, Site Read Document List, Site Update Document List, View Live Content
    • User: Admin User Read, User Role Read, User Assign Roles
    • Extensibility: Extensibility Create, Extensibility Read, Extensibility Update, Extensibility Delete
    • Location: Location Read
  • Content Manager
    • Product: Product Read, Product Category Read
    • Site: Site Create Content, Site Read Content, Site Update Content, Site Delete Content, Site Create Document List, Site Read Document List, Site Update Document List, Site Delete Document List, Publish Content Changes, View live content
    • Channel: Channel Read
    • Location: Location Read
  • Customer Manager
    • Site: View live content
    • Customer: Customer Create, Customer Read, Customer Update, Customer Delete
  • Extension Log Reader
    • Tenant: Log Read Behavior
  • Fulfillment Agent
    • Site: View live content
    • Order: Order Read, Order Update - All, Order Ship
    • Extensibility: Extensibility Create, Extensibility Read, Extensibility Update, Extensibility Delete
    • Location: Location Read
  • Inventory Manager
    • Product: Product Create, Product Read, Product Update, Product Delete
    • Site: View live content
    • Location: Location Read
  • Location Manager
    • Site: View live content
    • Order: Order Read, Order Update - All, Order Ship
    • Location: Location Create, Location Read, Location Update, Location Delete
  • Order Manager
    • Product: Product Read
    • Site: View live content
    • Customer: Customer Create, Customer Read, Customer Update, Customer Delete
    • Payment: Payment Create, Payment Read, Payment Update, Payment Delete
    • Order: Order Create, Order Read, Order Update - All, Order Delete, Order Cancel, Order Apply Payment, Order Ship
    • Extensibility: Extensibility Create, Extensibility Read, Extensibility Update, Extensibility Delete
    • Location: Location Read
  • Promotion Manager
    • Product: Product Read, Product Category Read
    • Site: View live content
    • Discount: Discount Create, Discount Read, Discount Update, Discount Delete
    • Channel: Channel Read
    • Extensibility: Extensibility Create, Extensibility Read, Extensibility Update, Extensibility Delete
    • Location: Location Read
  • Report Super User
    • Reporting: Report Read, Report Definition Read, Report Definition Update, Report Definition Create, Report Definition Delete
  • Report Reader
    • Reporting: Report Read
  • Sales Representative
    • B2B Account: B2B Account Create, B2B Account Delete, B2B Account Read, B2B Account Update
    • Customer: Customer Read, Customer Update
    • Extensibility: Extensibility Read
    • Order: Order Read
    • Purchase Order: Purchase Order Read, Purchase Order Create, Purchase Order Update
    • Price List: Read Price List
    • Quote: Quote Create, Quote Delete, Quote Read, Quote Update
    • User: Shopper User Read, Shopper User Create, Shopper User Update, Shopper User Delete
    • Wishlist: Wishlist Read
  • Site Designer
    • Product: Product Read, Product Category Read
    • Site: Site Create Content, Site Read Content, Site Update Content, Site Delete Content, Site Create Document List, Site Read Document List, Site Update Document List, Site Delete Document List, Publish Content Changes, Site Update Theme, View live content
    • Channel: Channel Read
    • Location: Location Read
  • Site Reviewer
    • Site: Preview Changes before they're published, View live content
  • SuperAdmin
    • The SuperAdmin role has all behaviors in Kibo eCommerce (including Override Order Update Restriction), except for Customer Password Update, Report Read, and Report Definition Update.

You cannot change any default roles. If you want to change a default role, you must create a custom role and add any required user behaviors to the custom role. This guide demonstrates how to do these tasks in the user interface, but the User Management APIs can also be used to manage roles and user accounts.

Fulfiller Roles

To support order management, additional fulfillment-related roles have been created. These are Fulfillment Manager and Fulfillment Employee roles that come in two types: global and location-specific. Globals are available by default, while location-specific roles are treated like custom roles but are automatically generated for each location that is created in Admin. These custom roles have permissions based on the global versions, but the permissions can be customized on a location basis if desired.

Close-up of global and location-specific roles

Employees can only fulfill shipments, while managers can both fulfill shipments and manage employees. Global managers and employees have access to this information for all locations, while location-specific users can only view the shipments (and other users, if a manager) from the location they are assigned to.

Managers can assign employee and manager roles to users they have access to, which means that they can upgrade an employee to a manager. However, only global managers can assign the global versions of these roles - if they are location-specific then they can only assign location-specific employees and managers.

  • Global Fulfillment Manager
    • Site: View live content
    • Channel: Channel Read
    • Location: Location Read
    • Order: Order Read, Order Update – All, Order Ship
    • SettingsOrder: Order Settings Read
    • User: Admin User Read, Admin User Create, Admin User Update, User Role Read
  • Global Fulfillment Employee
    • Site: View live content
    • Channel: Channel Read
    • Location: Location Read
    • Order: Order Read, Order Update – All, Order Ship
    • SettingsOrder: Order Settings Read

In a case where multiple roles are assigned to a user, the one with broader access takes precedence. For example, a user could have the role of both a Store Employee that can fulfill shipments at Location A and a StoreAdmin that can fulfill shipments at Locations A, B, and C. But this makes the Store Employee role redundant and so the user will have the access of a StoreAdmin.

Managing Order Routing Access

Access to the Order Routing application is not granted by a dedicated order routing user role, but rather by a behavior that can be assigned to existing roles. This behavior is called "Order Routing" and is included with the Admin and SuperAdmin role by default.

These users are able to view the Order Routing tile on the Kibo homepage and access the application with read/write permissions to manage routing rules.

Role Behaviors

To view each role's assigned behaviors:

  1. Go to System > Permissions > Roles.
  2. Select the role whose behaviors you wish to view.
  3. The role's assigned behaviors appear in the View Role modal.

Behaviors available to be assigned in the Kibo Admin include all behaviors in the first table in this application guide, as well as the Admin-specific behaviors shown here. Note that only Report Read and Report Definition Update are necessary to enable full read and edit capabilities for Reporting.

Behavior CategoryBehavior Description
AccountAccount Install App Install apps to the account
AccountAccount View Statement View account statement details
CampaignCampaign CreateCreate a campaign
CampaignCampaign ReadView campaign details
CampaignCampaign UpdateChange campaign details
CampaignCampaign DeleteDelete existing campaigns
EventSubscriptionsCreate Event Subscriptions Create event subscriptions
EventSubscriptions
Delete Event Subscriptions Delete event subscriptions
EventSubscriptions
Read Event Subscriptions View event subscription details
EventSubscriptions
Update Event Subscriptions Change event subscription details
Installed ApplicationDelete installed applications Delete installed applications
Mobile NotificationMobile Notification Read View an existing mobile notification
Mobile NotificationMobile Notification Create Create a new mobile notification
PaymentUpdate Payment Settings Change the payment settings
ProductCreate inventory Create inventory
ProvisioningCreate and Delete Sites and Master Catalogs and Catalogs Create and delete sites, master catalogs, and catalogs
ReportingReport Read View all reports
ReportingReport Definition Read
Read existing report definitions (deprecated)
ReportingReport Definition Update Edit, schedule, or create report definitions
ReportingReport Definition Create
Create new report definitions (deprecated)
ReportingReport Definition Delete
Delete existing report definitions (deprecated)
TenantSite Update Theme Change a site's theme
TenantTenant Update Change tenant details
TenantTenant Delete Delete a tenant
UserAdmin User Delete Delete existing Admin users
UserUser Assign Roles Assign users to roles
UserUser Role Create Create new Admin roles
UserUser Role Delete Delete existing Admin roles
UserUser Role Update Change existing Admin role behaviors