
Advanced Permissions


The Advanced Permissions extension for Magento 2 lets you, as super-admin, limit sub-admin permissions and role resources. You can vary the permissions for each user role and then assign the respective roles to sub-admins.

Here's what Advanced Permissions can do out-of-the-box:

  • Limit access on the Store View, Website, or Category level
  • Customise role resources on different levels
  • Customise permissions for each role


All Aitoc extensions can be customised to fit particular business needs. If you have questions about any customization, please drop a message at [email protected]


The Advanced Permissions module is compatible with the following Magento platforms:

  • Community Edition (Open Source): 2.3.0 - 2.4.*
  • Enterprise Edition (Commerce): 2.3.0 - 2.4.*
  • Cloud Edition: 2.3.0 - 2.4.*


Installing module using zip file

  • Unzip and paste the extension file into your root Magento folder.
  • Connect to your server by SSH.
  • Go to your Magento root folder.
  • To install the extension, run these commands:
    php bin/magento setup:upgrade
    php bin/magento setup:di:compile
    php bin/magento setup:static-content:deploy
  • Reset the JavaScript cache by removing these folders in pub/static: _requirejs, adminhtml, frontend.

Composer installation

If you haven't installed any Aitoc module before, you will first need to add your Aitoc composer repository. Please go through the document to see how you can add a composer repository.

To install the module, you will need to run the following commands:

composer require aitoc/advanced-permissions
php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento setup:static-content:deploy -f
  • To switch the extension on or off, run the corresponding command:
    php bin/magento module:enable Aitoc_AdvancedPermissions
    php bin/magento module:disable Aitoc_AdvancedPermissions
  • To update the module, use the command below:
    composer update aitoc/advanced-permissions

Initial setup

Go to STORES → Settings → Configuration → AITOC EXTENSIONS → ADVANCED PERMISSIONS, or to Admin → AITOC → Aitoc → Advanced Permissions → Configuration, to choose the global settings (they can be altered for each particular user role):

Setting and purpose:

  • Show All Customers: You can show or hide your customers from sub-admins. If this is set to "No", sub-admin with restricted permissions will see customers from the website of the allowed store only.
  • Show products without categories: You can show or hide products from sub-admins. If this is set to "No", the sub-admin will not be able to see products that don’t have any category assigned. Only Super Admin will be able to see such products.
  • Allow deleting products, images, categories: You can allow or restrict product management related to deletion. If this is set to "Yes", sub-admin with restricted permissions can delete products, product images or categories that they see.
  • Hide Content with “All Store Views” scope: You can show or hide content that has the "All store views" view assigned from sub-admins.
  • Allow to update global attributes: You can allow or restrict sub-admins to update global attributes.

User role settings

Each user role (apart from super admin) can be completely customized. It can use global settings or have its own set of settings.


Make sure you always select the access before creating a new rule.


Always make sure to select the correct Role Resources before saving the user role.


Move the toggle away from “Disable” to limit sub-admin access either by Store View / Category or by Website.

Each user role has a unique set of Attribute permissions and product creation permissions.

The module also provides functionality to restrict access to Orders, Invoices, Shipments and Credit Memos based on their status. For example, you can restrict orders for a user role so that a sub-admin assigned to that role will only be able to see an order if it has the status "Complete". If an order has any status other than "Complete", they won't be able to access that order.
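
The visibility rules described in the settings list and in the order-status paragraph above can be written down as a small decision model for reviewing a role before assigning it. This is an added example, not the extension's code: the Role class, the function names, the sample role and the "one shared category is enough" rule are assumptions, and it models restricted sub-admin roles only.

```python
from dataclasses import dataclass, field
from typing import Optional

# Global defaults from the Configuration page (values constructed for this example).
GLOBAL_SETTINGS = {
    "show_all_customers": False,
    "show_products_without_categories": False,
    "allow_delete": False,
}

@dataclass
class Role:
    """Hypothetical model of a sub-admin user role; not the extension's data model."""
    websites: Optional[set] = None        # None = not limited by website
    categories: Optional[set] = None      # None = not limited by category
    order_statuses: Optional[set] = None  # None = no status restriction
    overrides: dict = field(default_factory=dict)  # role-level settings

    def setting(self, key):
        # A role uses its own value when it has one, otherwise the global one.
        return self.overrides.get(key, GLOBAL_SETTINGS[key])

def can_see_customer(role, customer_website):
    if role.websites is None or role.setting("show_all_customers"):
        return True
    return customer_website in role.websites

def can_see_product(role, product_categories):
    if role.categories is None:
        return True
    if not product_categories:  # product with no category assigned
        return role.setting("show_products_without_categories")
    # Assumption: one shared category is enough to make the product visible.
    return bool(role.categories & set(product_categories))

def can_delete_product(role, product_categories):
    # Deletion applies only to items the sub-admin can see in the first place.
    return can_see_product(role, product_categories) and role.setting("allow_delete")

def can_see_order(role, status):
    return role.order_statuses is None or status in role.order_statuses

# Constructed sample role: one website, one category, completed orders only.
EU_SHOES = Role(websites={"eu"}, categories={"shoes"}, order_statuses={"Complete"})
```

Running the planned settings through such a model before saving a role shows which permissive values ("Show All Customers" or "Allow deleting" set to "Yes") widen what a restricted sub-admin can reach.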

This way you can customize sub-admin permissions so that your sub-admins have access only to a specific part of the store and can manage their specific products.

You can tweak the settings so that sub-admins don't have access to other sub-admins' products. Each sub-admin will do their part of the job without interfering with other people's work.

To apply a user role to a particular sub-admin, go to System → All Users and open the user settings. Assign the required user role and save the user.

Frequently Asked Questions

Why can't a sub-admin see or access anything in Magento admin?

For this kind of issue, you should always cross-check that the correct Role Resources and Access have been selected. It usually happens when the admin forgets to select the access or the correct admin role resources when creating a new user role.