Running an eCommerce store requires a lot of work and people. It goes the same for your online store. This is where WooCommerce user roles and capabilities come in. In our guide, we will discuss user roles and permissions in WooCommerce.
eCommerce stores are different from any regular WordPress sites. That is why WooCommerce added some extra roles to manage eCommerce sites built on WooCommerce. As users with particular roles have different capabilities, you need to know about the roles and their permissions to assign WooCommerce roles to any users.
Also, for some security reasons, you may need to edit WooCommerce user roles to limit and extend the capabilities of the assigned roles. Don’t worry! We are going to discuss all these in this article. Let’s get started.
What Are WooCommerce User Roles and Capabilities?
In WooCommerce, there are several user roles with different capabilities. You can add as many team members as you want to these roles.
Here’s a breakdown of the default user roles and their capabilities:
- Shop Manager: This role has full control over the store. They can manage products, orders, coupons, and other aspects of the shop. Shop Managers can also manage other users’ roles and capabilities.
- Customer: Customers are regular users who can browse products, place orders, and view their order history.
Apart from these default roles provided by WooCommerce, you can customize roles and capabilities using WordPress role manager plugins or custom code. For example, you might create custom roles such as “Wholesale Customer” with specific capabilities tailored to wholesale operations. Or maybe, you want to define the capabilities of the existing roles, you can do that too.
Are WooCommerce User Roles Different from WordPress Default User Roles?
As WooCommerce sites are different from regular WordPress sites, the roles are different, and also their capabilities. WooCommerce roles are specific to the eCommerce operation of the site. WordPress by default has some roles. The default roles in WordPress are:
- Administrator: Administrators have full control over the site. They can perform all administrative tasks, including managing plugins, themes, users, and settings. Administrators also can edit, publish, and delete any content on the site.
- Editor: Editors can publish, edit, and delete any posts, pages, and custom post types. They can also moderate comments, manage categories and tags, and upload files.
- Author: Authors can publish, edit, and delete their posts. They can also upload files and manage their profile.
- Contributor: Contributors can write and edit their posts, but they cannot publish them. Instead, their posts need to be reviewed and published by an editor or administrator.
- Subscriber: Subscribers have the most limited capabilities. They can only manage their profile by changing their password or email address. Subscribers cannot create or edit content on the site.
As WooCommerce stores are built on WordPress, all WooCommerce sites get the default WordPress roles, When WooCommerce is installed 2 more roles Shop Manager, and Customer roles are added to the list.
How to Add a Shop Manager to WooCommerce Store
Adding a Shop Manager to your WooCommerce store takes several steps. You can create a new user with the “Shop Manager” role in WordPress easily. Here’s how you can do it:
Go to the WordPress dashboard and navigate to ‘Users’ > ‘Add New’.
Fill in the user’s details, including username, email, and password, then set their role to ‘Shop Manager’.
Note: If you don’t have WooCommerce installed on your site, you won’t see the Shop Manager role in the dropdown.
Review the details, make sure to select the option to send the user notification email if needed, and click ‘Add New User’ to grant them Shop Manager access.
Difference Between Admin Roles and Shop Manager Roles in WooCommerce
The Administrator role in WooCommerce provides full access to all WordPress and WooCommerce functionalities, allowing users to manage themes, plugins, and core settings, and modify any user accounts and roles.
In contrast, the Shop Manager role is restricted to managing WooCommerce-specific functions, including handling products, orders, and viewing reports. Still, it does not have permission to modify themes, plugins, or core WordPress settings. This delineation ensures that Shop Managers can focus on e-commerce operations without accessing broader site administrative features.
Below is a table showcasing the differences in capabilities between the Administrator and Shop Manager roles in WooCommerce:
| Capability | Administrator | Shop Manager |
| Full Site Access | Yes | No |
| Plugin and Theme Management | Yes | No |
| Modify User Roles | Yes | No |
| Core WordPress Settings | Yes | No |
| WooCommerce Settings | Yes | Yes |
| Add/Edit/Delete Products | Yes | Yes |
| Manage Orders | Yes | Yes |
| View Reports | Yes | Yes |
| Handle Coupons | Yes | Yes |
| Change Site Design | Yes | No |
| Update and Manage Widgets | Yes | No |
| Security Settings | Yes | No |
| Install Plugins/Themes | Yes | No |
| Manage Other Plugins | Yes | No |
| Backup and Restore Site | Yes | No |
This table represents the permissions granted to each role, highlighting the full control Administrators have over the WordPress and WooCommerce environment compared to the more limited, WooCommerce-focused access granted to Shop Managers.
How to Add Custom User Roles to WooCommerce Store
Apart from the default roles, you can add a custom role to a WooCommerce store by utilizing WordPress hooks and functions. Here’s a step-by-step guide on how to do it:
Create the Custom Role: You’ll need to add a new role using WordPress’s add_role() function. This function should be executed during the activation of your plugin or theme, or as a one-time action when needed.
function add_custom_role() {
add_role(
'custom_role', // Role slug
'Custom Role', // Role name
array(
'read' => true, // Adjust capabilities as needed
'edit_posts' => true,
// Add more capabilities as needed
)
);
}
add_action('init', 'add_custom_role');This code creates a role named ‘Custom Role‘ with basic capabilities like reading and editing posts. You can adjust the capabilities array to match your specific requirements.
Assign Capabilities: You can assign capabilities to the custom role using the add_cap() function. This allows you to fine-tune the permissions of the role beyond the defaults.
function add_custom_role_caps() {
// Get the custom role object
$role = get_role('custom_role');
// Add capabilities
$role->add_cap('edit_products');
$role->add_cap('manage_woocommerce');
// Add more capabilities as needed
}
add_action('admin_init', 'add_custom_role_caps');This code adds additional capabilities to the ‘Custom Role’, such as editing products and managing WooCommerce settings. Adjust the capabilities according to your requirements.
Remove the Custom Role: If needed, you can remove the custom role using the remove_role() function. This should be executed during the deactivation of your plugin or theme or as a one-time action when needed.
function remove_custom_role() {
remove_role('custom_role');
}
register_deactivation_hook(__FILE__, 'remove_custom_role');This code removes the ‘Custom Role‘ when your plugin or theme is deactivated.
Make sure to replace ‘custom_role’ with your desired role slug and adjust capabilities according to your specific needs.
How to Add a Custom Role for WooCommerce Store With a Plugin
Apart from the default roles on your WooCommerce store, you can add a custom role with different capabilities with WordPress plugins.
You can use the User roles editor by FMEAddon for that. Get the plugin from the WooCommerce extension library. Install as you install any other plugin on your website.
Go to your WordPress dashboard > WooCommerce > FME User Roles, click on “Add role”
Now enable/disable capabilities to give or limit permission on different actions for that particular role.
How to Customize Capabilities of WooCommerce Roles
You can also modify the default WooCommerce role or edit any new role you may have created. For that, you need to install the User roles editor by FMEAddon plugin too.
Go to your WordPress dashboard > WooCommerce > FME User Roles, and click on Edit on any role you want to customize. Let’s say you want to customize the Shop Manager role in the WooCommerce store.
Click on “Edit” on that particular role and enable/disable capabilities to give or limit permission on different actions.
Click on “Save Changes” once you are done. You can customize the capabilities of any user role of the WooCommerce store with this plugin.
WooCommerce User Roles and Capabilities Best Practices
When managing user roles and capabilities in WooCommerce, following best practices can help ensure your store operates smoothly while maintaining security and efficiency. Here are some key best practices for managing WooCommerce user roles and capabilities:
- Limit Access to Necessary Permissions Only: Only assign user roles that provide the permissions necessary for individuals to perform their job functions. Over-privileging users can lead to security risks or accidental configuration changes.
- Customize Roles for Specific Needs: If the built-in roles don’t fit your needs perfectly, consider using a plugin like “Members” or “User Role Editor” to create custom roles in the WooCommerce store or modify existing ones. This allows for more granular control over what users can see and do within your store.
- Regularly Review User Access: You need to review who has access to your WordPress and WooCommerce backend, especially after changes in staff or contractors. Be sure to remove or downgrade access for those who no longer need it to minimize potential security vulnerabilities.
- Strong Authentication Practices: Encourage or enforce strong passwords using plugins that enforce password rules. Consider implementing two-factor authentication (2FA) for additional security, especially for roles with more capabilities.
- Educate Users on Security Practices: Ensure that all users, particularly those with administrative or managerial access, are trained on security best practices, like recognizing phishing attempts and securing login credentials.
- Audit and Monitor Activities: Use auditing and monitoring tools to keep track of changes and activities performed by users within your store. Plugins like Activity Log can help you monitor and record user actions, providing an audit trail in case of issues.
By implementing these best practices, you can ensure that your WooCommerce store is secure, efficient, and tailored to meet your business needs while minimizing risks associated with user management.
Understanding WooCommerce roles and permissions is crucial when it comes to managing a WooCommerce store. You need to know what roles are capable of doing what in your store. Learn WooCommerce roles and capabilities before assigning anyone new roles. Good luck!
