Skip to content

Advanced Permissions


Advanced Permissions extension for Magento 2 lets you as super-admin limit sub-admin permissions and role resources. You can vary the permissions for each user role and then assign respective roles to sub-admins.

Here's what Advanced Permissions can do out-of-the-box: - Limit access on the Store View, Website or Category level - Customize role resources on different levels - Customize permissions for each role


All Aitoc extensions can be customized to fit particular business needs. If you have questions about any customization, please drop a message at [email protected]


To install the extension to your Magento 2 store, please follow these steps: - Unzip and paste the extension file into your root Magento folder. - Connect to your server by SSH. - Go to your Magento root folder. - To install the extension, perform this command:

php bin/magento setup:upgrade
  • Reset JavaScript cache by removing all folders in pub/static:
_requirejs; adminhtml; frontend.
  • To switch the extension on/off, perform these commands:
php bin/magento module:enable Aitoc_AdvancedPermissions
php bin/magento module:disable Aitoc_AdvancedPermissions

You can activate/deactivate several Aitoc extensions at once by specifying their names separated by space in the command.


To install the extension via composer please read this guide.

Initial setup

Go to STORES → Settings → Configuration → AITOC EXTENSIONS → ADVANCED PERMISSIONS OR Admin → AITOC → Aitoc → Advanced Permissions → Configuration to choose global settings (they can be altered for each particular user role):

Setting Purpose
Show All Customers You can show or hide your customers from sub-admins. If this is set to "No", sub-admin with restricted permissions will see customers from the website of the allowed store only.
Show products without categories You can show or hide products from sub-admins. If this is set to "No", sub-admin will not be able to see products that don’t have any category assigned. Only Super Admin will be able to see such products.
Allow deleting products, images, categories You can allow or restrict product management related to deletion. If this is set to "Yes", sub-admin with restricted permissions can delete products, product images or categories that they see.
Hide Content with “All Store Views” scope You can show or hide content that has "All store views" view assigned from sub-admins.
Allow to update global attributes You can allow or restrict sub-admins to update global attributes.

User role settings

Each user role (apart from super admin) can be completely customized. It can use global settings or have its own set of settings.


Move the toggle away from “Disable” to limit sub-admin access either by Store View / Category or by Website.

Each user role has a unique set of Attribute permissions and product creation permissions:

This way you can customize sub-admin permissions so that your sub-admins have access only to a specific part of the store and can manage their specific products.

You can tweak the settings in a way so that sub-admins don't have access to other sub-admins' products. Each sub-admin will be doing his part of the job without interfering with other people's work.

To apply user role to a particular sub-admin, go to System → All Users and open user settings. Assign the requires user role and save the user.


Back to top