Permissions

Permissions are the individual access keys that control what an admin user can see and do. Each permission maps to a specific action within the admin panel. Permissions are grouped into roles — a user gains all the permissions of their assigned role.

Permissions list showing all permission keys grouped by module

How Permissions Work

• If a user's role does not include a permission, the corresponding menu item is hidden and the page returns a 403 error if accessed directly.
• The Super Admin role bypasses all permission checks and always has full access.
• Permissions are checked on both the frontend (UI visibility) and the backend (API authorization).

Permission Groups

Dashboard

Permission Key	Description
dashboard.view	View the admin dashboard and analytics

Products

Permission Key	Description
product.view	Browse the product list
product.create	Add new products
product.edit	Edit existing products
product.delete	Delete products
category.view	View product categories
category.create	Create categories
category.edit	Edit categories
category.delete	Delete categories
brand.view	View brands
brand.create	Create brands
brand.edit	Edit brands
brand.delete	Delete brands
attribute.view	View product attributes
attribute.create	Create attributes
attribute.edit	Edit attributes
attribute.delete	Delete attributes

Orders

Permission Key	Description
order.view	View order list and details
order.update	Update order status
order.delete	Delete orders
order.invoice	Download order invoices

Customers

Permission Key	Description
customer.view	View customer profiles
customer.edit	Edit customer details
customer.delete	Delete customer accounts

Coupons

Permission Key	Description
coupon.view	View coupons and flash deals
coupon.create	Create new coupons
coupon.edit	Edit coupons
coupon.delete	Delete coupons

Shipping

Permission Key	Description
shipping.view	View shipping zones and rates
shipping.create	Create shipping zones/rates
shipping.edit	Edit shipping configuration
shipping.delete	Delete shipping zones/rates

Tax Rates

Permission Key	Description
tax.view	View tax rates
tax.create	Create tax rates
tax.edit	Edit tax rates
tax.delete	Delete tax rates

Payments

Permission Key	Description
payment.view	View payment gateway settings
payment.edit	Edit gateway credentials

Blog

Permission Key	Description
blog.view	View blog posts
blog.create	Create blog posts
blog.edit	Edit blog posts
blog.delete	Delete blog posts
blog-category.view	View blog categories
blog-category.create	Create blog categories
blog-category.edit	Edit blog categories
blog-category.delete	Delete blog categories

Pages

Permission Key	Description
page.view	View CMS pages
page.create	Create CMS pages
page.edit	Edit CMS pages
page.delete	Delete CMS pages

Gallery

Permission Key	Description
gallery.view	Browse the media library
gallery.upload	Upload files
gallery.delete	Delete files

Notifications

Permission Key	Description
notification.view	View notification templates
notification.edit	Edit notification templates
notification.broadcast	Send broadcast notifications

Localization

Permission Key	Description
language.view	View languages
language.create	Add languages
language.edit	Edit translations
currency.view	View currencies
currency.create	Add currencies
currency.edit	Edit currencies

Users & Roles

Permission Key	Description
user.view	View admin users
user.create	Create admin users
user.edit	Edit admin users
user.delete	Delete admin users
role.view	View roles
role.create	Create roles
role.edit	Edit roles
role.delete	Delete roles

Settings

Permission Key	Description
setting.view	View store settings
setting.edit	Edit store settings

Activity Logs

Permission Key	Description
activity-log.view	View the admin activity audit log

Managing Permissions via API

Permissions are also exposed through the REST API. See the API Reference for the /api/v1/admin/permissions endpoints.