Once you have created your 1st reference entity and created your user groups, you can begin to define for each of these user groups if they will be able to display/edit this reference entity and its data.
Rights depending on the reference entity
You can define which user groups can view or edit a reference entity, its properties, its attributes and its records.There are three levels of permissions per reference entity:
- not allowed to view
- allowed to view
- allowed to edit
These permissions apply to the API (reference entity record, reference entity attribute, reference entity attribute option and reference entity endpoints) and file import.
Allowed to edit
The edit right means add, edit and delete rights.
If a user belonging to a user group has right to edit a reference entity, he will be able to:
- Edit the properties of this reference entity
- Add, edit and delete the attributes of this reference entity
- Add, edit and delete a record of this reference entity
- Delete this reference entity
If you want only some users to be able to edit the attributes of a reference entity or delete a record, you can also manage accesses on the actions according to the user roles. Please refer to this article to have more information.
Allowed to view
If a user belonging to a user group has right to view a reference entity, he will only be able to display the reference entity data (properties, attributes, records) and that's all.
He won't be able to edit or delete it.
Not allowed to view
If a user belonging to a user group has not the right to view a reference entity, he will not be able to display the reference entity (properties, attributes, records).
- When records are linked to a product, it is considered product data. As a consequence:
- Users without view permission on the reference entity cannot remove/add the records from the reference entity attribute in the product edit form.
- Users without view permission on the reference entity cannot edit records in the reference entity attribute in the product edit form.
- Users without view permission on the reference entity can display records from the reference entity attribute in the product edit form.
- Users without view permission and trying to get a specific reference entity via the API will receive a 404 error message. This way, we prevent users from guessing the existence of specific reference entities.
- Apps will still ignore reference entity permissions and can always edit all records.
Define permissions on a reference entity
To define the rights on a reference entity, follow these steps:
- Go to the Permissions tab of the reference entity
- Add user group to the desired field Allowed to view or Allowed to edit
- Click Save in the top-right corner
For example, a user in the Manager group can edit this Brand reference entity, so he can add and edit attributes or add and enrich some brands. A user in the Clothes managers group can only view this Brand reference entity, so he can only view its attributes and also view its brands.
If you want all your user groups to have the edit rights, just type All and add the All option to the desired field.
At least one user group should be allowed to edit a reference entity to manage the permissions on this reference entity.
Rights depending on the locales
It is possible to define for each user group, on which locale the reference entity data can be viewed or edited.
For reference entities, we have 2 levels of access on locales: the view right and the edit right.
It is not possible to hide a locale in a reference entity.
The edit right
The edit right means add and edit rights.
If a user belonging to a user group has right to EDIT a reference entity, he will be able to:
- Edit the reference entities labels for a locale
- Edit the reference entities attributes labels for a locale
- Edit the reference entity records values for a locale if the attribute is localizable
The view right
If a user belonging to a user group has right to VIEW on a locale, he will only be able to display the reference entity data on this locale (properties, attributes, records) and that's all.
He won't be able to edit it.
Set rights on a locale
To define the rights on a locale, please refer to this article.