Hey there @Maxim Maltsev! Welcome to the Community and thank you for this unique opportunity for our members! 

@James Luterek @Grv S @Obed Murillo @pauloamgomes @Patrick Burkart 

Hi @Maxim Maltsev ,
Thanks for this opportunity :)

Here are some things I can get out of the top of my head:

• What do you like about the current permissions management in Merchant Center and/or Studio? 
  • In Merchant Center
    • I think MC has a robust way to define roles with the teams and their permissions, it can be granular up to attribute groups, I like that!
• What challenges or pain points do you encounter?
  • In Studio
    • I don’t believe there is a place to specify  or understand what each role has access or can/can’t do
    • There are checkboxes on the team screen for each user, but it looks like it does nothing, at least in my case
• What features or improvements would make permissions management more effective for you?
  • In Studio
    • Implement similar level of granularity as in MC, or explain what each role can so it is clear for the admin when assigning roles.
    • Being able to login using SSO as in MC
  • IMPEX
    • Being able to login to IMPEX using SSO as in MC
• Any best practices or insights you can share from your implementation journey?
  • Implement SSO across all the tools, and mange roles for all of them in the same place, in that way and admin can defined the access for development, business users, merchandisers, etc…
     

I did ask our client, to see if they have other feedback to share, if so I’ll add it here.

Regards,

Obed

Hi everyone,

I’ll add my two grains of salt here, even though they are probably not enough to get flavor in this (see what I did there? I’m funny, I know)

In the past, we’ve always opted against using the Merchant Center as a “backoffice” for “business people”. It was very helpful for development and support, but since we never managed any products or orders through Commercetools, but always by some external service that the business people were already used to, there was never a need for finely granulated permission rights in the Merchant Center. I am not saying that the Merchant Center is useless, don’t get me wrong. Just wasn’t useful for our specific use cases.

With that in mind, let me answer your questions:
 

• What do you like about the current permissions management in Merchant Center and/or Studio? 
  • Permissions are always a balance: Fine granularity vs. ease of understanding what each permission does and granting them to many people
  • For this, groups (teams) are always helpful (which is already implemented)
  • I feel like so far you had a good balance between fine granularity and ease of usage. I liked it!

• What challenges or pain points do you encounter?
  • Of course it is always possible that in some use case somebody would need a permission to do something but may not do something else (e.g. I believe you can only see a cart when you can see orders, what if someone is not supposed to be able to see orders but carts?)
    
     
• What features or improvements would make permissions management more effective for you?
  • Enter sub-permissions! “View Orders” can consist of a group of permissions which are all enabled by default when you can “View Orders”. But when needed, these sub permissions can be individually disabled
    
     
• Any best practices or insights you can share from your implementation journey?
  • Nothing new here from me. There are tons of best practises our there when it comes to permissions. SSO is helpful, but we really didn’t have a problem NOT allowing business users onto the merchant center. I don’t think it is a must (or only something a “pro user” might be allowed to do) if you use Commercetools more as a “pure backend”

I’ll double down on extending SSO to all logins. Also being able to control user permissions or teams through SSO. Already too many passwords floating about, SSO lowers that number and includes essentials like 2-factor.

On the Merchant Center the existing granularity is already good, but could be further improved, for example in a situation that want to allow a user to manage specific discounts (not all) by a rule or some kind of tag, the same can happen to products and standalone prices, we may want a user to only edit products assigned by specific category, let’s imagine we are launching new products and we only want a few users to be able to see them.

On studio it’s very different, the concept is a bit confusing in the beginning due the staging model. But I would love to have ability to:

• define custom roles
• have permissions to manage assets
• have permissions for Assets based on tags
• have permissions for Page folders

Hi @Obed Murillo , @Patrick Burkart , @James Luterek , and @pauloamgomes 

thank you so much for your answers! We’re about to go into the discovery phase for the permission management topic and your input is super helpful for us!

I’ll try to keep you updated on our progress and I hope you don’t mind if I reach out to some of you later to clarify some of the points that you already shared. 

Have a great week, everyone!