Allow Additional Permissions in Company User Roles allows you to optimize and enhance default permissions for managing company-level permissions.
Magento 2 B2B comes with the Company Roles and Permissions feature which allows company owners to create roles and permission to manage company profiles and user access to resources.
If the user is not authorized to a particular resource it redirects the user to the access denied page.
The B2B setup comes with one predefined Default User role, Which will be created for each registered company. You can use it as it is or modify it as per the requirement. You can also create additional roles as much as you want.
There are many pre-defined permissions available that you can allow to particular roles to manage your company resource access.
Some default permissions are automatically allowed as shown in the below Table.
| Permission Resource | Description | Default Value |
|---|---|---|
| Magento_Company::index | All | allow |
| Magento_Sales::all | Sales | allow |
| Magento_Sales::place_order | Allow Checkout (place order) | allow |
| Magento_Sales::payment_account | Use Pay On Account method | deny |
| Magento_Sales::view_orders | View Orders | allow |
| Magento_Sales::view_orders_sub | View orders of subordinate users | deny |
| Magento_NegotiableQuote::all | Quotes | allow |
| Magento_NegotiableQuote::view_quotes | View | allow |
| Magento_NegotiableQuote::manage | Request, Edit, Delete | allow |
| Magento_NegotiableQuote::checkout | Checkout with quote | allow |
| Magento_NegotiableQuote::view_quotes_sub | View quotes of subordinate users | deny |
| Magento_PurchaseOrder::all | Order Approvals | allow |
| Magento_PurchaseOrder::view_purchase_orders | View My Purchase Orders | allow |
| Magento_PurchaseOrder::view_purchase_orders_for_subordinates | View for subordinates | allow |
| Magento_PurchaseOrder::view_purchase_orders_for_company | View for all company | deny |
| Magento_PurchaseOrder::autoapprove_purchase_order | Auto-approve POs created within this role | deny |
| Magento_PurchaseOrderRule::super_approve_purchase_order | Approve Purchase Orders without other approvals | deny |
| Magento_PurchaseOrderRule::view_approval_rules | View Approval Rules | allow |
| Magento_PurchaseOrderRule::manage_approval_rules | Create, Edit, and Delete | deny |
| Magento_Company::view | Company Profile | allow |
| Magento_Company::view_account | Account Information (View) | allow |
| Magento_Company::edit_account | Edit | deny |
| Magento_Company::view_address | Legal Address | allow |
| Magento_Company::edit_address | Edit | deny |
| Magento_Company::contacts | Contacts (View) | allow |
| Magento_Company::payment_information | Payment Information (View) | allow |
| Magento_Company::shipping_information | Shipping Information (View) | allow |
| Magento_Company::user_management | Company User Management | allow |
| Magento_Company::roles_view | View roles and permissions | deny |
| Magento_Company::roles_edit | Manage roles and permissions | deny |
| Magento_Company::users_view | View users and teams | allow |
| Magento_Company::users_edit | Manage users and teams | deny |
| Magento_Company::credit | Company Credit | deny |
| Magento_Company::credit_history | View | deny |
In this tutorial, we will see how we can allow any permission in the Default User role from the above list which are set to deny.
Here, I’m considering Magento_Sales::view_orders_sub which is not by default set as allowed while the role is created for the company.
We can use Magento\Company\Model\ResourcePool to add this permission to the by default allowed permissions list.
To do this, Create di.xml in your custom module and add the below code.
<?xml version="1.0"?>
<!--
/**
* Created by Jigar Karangiya, for more visit jigarkarangiya.com
* file : app/code/Jigar/BtobCustomization/etc/di.xml
*/
-->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
<!-- Added view orders of subordinate users permission to the Default User Role for new companies -->
<type name="Magento\Company\Model\ResourcePool">
<arguments>
<argument name="resources" xsi:type="array">
<item name="sales_order_view_orders_for_subordinates"
xsi:type="string">Magento_Sales::view_orders_sub
</item>
</argument>
</arguments>
</type>
</config>As shown above, I have added Magento_Sales::view_orders_sub to the Magento\Company\Model\ResourcePool‘s Items list arguments.
So when the new company is created,
Magento will create the Default User role and retrieveDefaultPermissions() to assign in Default User role as defined in Magento\Company\Model\Authorization\PermissionProvider::class
So, Our permission will be automatically loaded and assigned with other permissions.
So, Now when you register a new company account and check the default user role’s permission you will see that our added permission will be toggled as allowed permission.
That’s it for this tutorial, If you like this tutorial please share and comment your views on this.
You will also like,
how to get shared catalog data by ID in Magento 2?
Get Company using Customer ID programmatically Magento 2 B2B
Get Company Admin using company ID programmatically Magento 2 B2B
Happy Coding !!!!
