Miva Merchant Roles & Permissions | OpsBlu Docs

Miva Merchant Roles & Permissions

Miva Merchant admin user permissions -- store-level access groups, module permissions, and API token configuration.

Miva Merchant is a self-hosted e-commerce platform with a group-based permission system for admin users. Permissions control access to store administration modules.

Admin Permission Groups

Permission Area Description
Store Access Which stores the user can manage (multi-store setups)
Module Access Which admin modules the user can access
Function Access Specific actions within modules (add, edit, delete)

Common Permission Sets

Role Pattern Orders Products Customers Categories Settings Templates Users
Full Admin Yes Yes Yes Yes Yes Yes Yes
Store Manager Yes Yes Yes Yes No No No
Order Processor Yes No View No No No No
Content Editor No Edit desc No Edit No Yes No

Configuring Permissions

Navigate to Admin > Users > [User] > Permissions to assign module-level access:

# Miva Admin Permission Tree (Menu > Users > User Permissions)
#
# Store: MyStore
#   + Catalog
#     - Products (Add/Edit/Delete)
#     - Categories (Add/Edit/Delete)
#     - Availability Groups
#   + Orders
#     - Order Processing
#     - Order Returns
#   + Customers
#     - Customer Management
#   + Utilities
#     - Template Editor (required for analytics)
#     - Settings
#     - User Management

Analytics-Relevant Permissions

To add tracking code, a user needs Template Editor access:

<!-- Miva Merchant: Edit via Utilities > Template Editor -->
<!-- Add to the global header template (usually "head" or "global_header") -->
<mvt:comment>Google Analytics 4</mvt:comment>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
  gtag('config', 'G-XXXXXXXXXX', {
    'page_title': '&mvte:page:name;',
    'page_location': '&mvte:urls:_self:auto;'
  });
</script>

API Access

Miva provides a JSON API for programmatic access:

# Miva JSON API authentication
curl -X POST "https://yourstore.com/mm5/json.mvc" \
  -H "Content-Type: application/json" \
  -H "X-Miva-API-Authorization: MIVA YOUR_API_TOKEN" \
  -d '{
    "Store_Code": "STORE_CODE",
    "Function": "OrderList_Load_Query",
    "Count": 10
  }'

API tokens are created per admin user and inherit that user's permission set.

Best Practices

  1. Create purpose-specific admin accounts rather than sharing full-admin credentials
  2. Restrict Template Editor access to prevent accidental tracking code removal
  3. Use the Order Processor pattern for fulfillment staff who only need order access
  4. API tokens inherit user permissions -- create a dedicated API user with minimal access
  5. Audit admin users quarterly via Admin > Users
Nach oben