BigCommerce uses a role-based permission system for its control panel with predefined roles and the ability to create custom roles on higher-tier plans. Each store user logs in separately and is assigned a role that controls which sections of the admin panel they can access.
Permission model overview
BigCommerce permissions are section-and-action based. Each role defines which admin areas a user can access and what actions (view, edit, create, delete) they can perform within those areas. The system follows a flat model -- there is no hierarchy or inheritance between roles.
The store owner account has permanent, irrevocable access to all functionality and is the only account that can manage the BigCommerce subscription and billing.
Built-in roles
BigCommerce provides several predefined roles:
- Store Owner -- Full access to everything including billing, API accounts, and user management. Only one per store. Cannot be reassigned without contacting BigCommerce support.
- Admin -- Full access to all store management features except billing and subscription settings. Can manage other users.
- Order Manager -- View and manage orders, refunds, and shipments. No access to products, design, or settings.
- Order Viewer -- Read-only access to orders. Cannot process refunds or modify order data.
- Catalog Manager -- Full access to products, categories, brands, and inventory. No access to orders or settings.
- Marketing Manager -- Manage promotions, coupons, abandoned cart emails, banners, and email marketing integrations.
- Content Manager -- Edit pages, blog posts, and web content. No access to products or orders.
- App Manager -- Install, configure, and remove apps from the BigCommerce App Marketplace.
On Enterprise plans, you can create custom roles with granular permission toggles for each admin section.
Managing users in the admin panel
Navigate to Settings > Users in the BigCommerce control panel.
To add a user:
- Go to Settings > Users > Create a User Account
- Enter the user's first name, last name, and email address
- Select a role from the dropdown (or a custom role on Enterprise)
- Click Save -- the user receives an email invitation to set their password
To modify a user:
- Go to Settings > Users
- Click the user's name
- Change their role or update details
- Save -- changes take effect on next login
To remove a user:
- Go to Settings > Users
- Click the user's name, then Delete this User
- Confirm deletion -- this is irreversible
API accounts and token scopes
BigCommerce has a robust API with fine-grained OAuth scopes. API accounts are managed separately from admin users.
API credentials are created under Settings > API > Store-level API accounts (or via the Dev Portal for app-level tokens). Each API account specifies:
- OAuth Scopes -- Per-resource permissions (none, read-only, read-write) for: Products, Orders, Customers, Content, Marketing, Store Information, Checkout, Sites & Routes, Channel Listings, and more
- Token type -- Store-level (single store) or app-level (multi-store via the Apps Marketplace)
Only the store owner and admin-role users can create API accounts. Each token has a client_id, client_secret, and access_token. The access_token is shown only once at creation and cannot be retrieved later.
When offboarding a user who created API tokens, review and regenerate affected credentials under Settings > API > Store-level API accounts.
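The offboarding and scope review described above can be run against a hand-maintained inventory of API accounts. This is an added example, not BigCommerce code: the inventory format, account names and e-mail addresses are constructed assumptions, while the scope levels and resource names follow the list above.

```python
# Added example: review a hand-maintained API account inventory.
# The inventory format and all sample values are constructed for illustration.

LEVELS = {"none": 0, "read-only": 1, "read-write": 2}  # scope levels named on this page


def review_api_accounts(accounts, active_users):
    """Return a sorted list of (account_name, finding) tuples."""
    findings = []
    active = {u.lower() for u in active_users}
    for acct in accounts:
        name = acct["name"]
        # Offboarding check: the creator no longer has a control panel login.
        if acct["created_by"].lower() not in active:
            findings.append((name, "creator offboarded: regenerate credentials"))
        granted, needed = acct["granted"], acct["needed"]
        # Least-privilege check: compare each granted scope with the documented need.
        for resource in sorted(set(granted) | set(needed)):
            g = granted.get(resource, "none")
            n = needed.get(resource, "none")
            if g not in LEVELS or n not in LEVELS:
                findings.append((name, f"{resource}: unknown scope level"))
            elif LEVELS[g] > LEVELS[n]:
                findings.append((name, f"{resource}: granted {g}, needs {n}"))
            elif LEVELS[g] < LEVELS[n]:
                findings.append((name, f"{resource}: inventory stale, needs {n}, granted {g}"))
    return sorted(findings)


# Constructed sample inventory (not real accounts).
ACTIVE_USERS = ["owner@example.com", "ops@example.com"]
ACCOUNTS = [
    {"name": "erp-sync", "created_by": "ops@example.com",
     "granted": {"Orders": "read-write", "Products": "read-write", "Customers": "read-only"},
     "needed": {"Orders": "read-write", "Products": "read-only"}},
    {"name": "reporting", "created_by": "former.dev@example.com",
     "granted": {"Orders": "read-only"},
     "needed": {"Orders": "read-only"}},
]

if __name__ == "__main__":
    for account, finding in review_api_accounts(ACCOUNTS, ACTIVE_USERS):
        print(f"{account}: {finding}")
```

Because the access_token cannot be retrieved after creation, a regenerated credential has to be redistributed to the integration that uses it, so the review is best scheduled together with the offboarding itself.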
Analytics and tracking permissions
Different roles control different aspects of analytics setup:
- Script Manager (Settings > Advanced > Script Manager) -- requires Admin role or a custom role with Settings access. This is where you add GTM, Facebook Pixel, and other tracking scripts.
- Google Analytics -- configured under Settings > Analytics > Google Analytics. Requires Settings access.
- Built-in Analytics dashboard -- accessible under Analytics in the left nav. Requires at minimum the ability to view Reports (available to Admin, Marketing Manager, and custom roles with analytics permissions).
- Checkout tracking -- modifying checkout scripts requires Admin access or higher, as checkout customization is restricted.
- Data Layer / Storefront APIs -- BigCommerce exposes order and product data via the Storefront GraphQL API and Stencil template context. Customizing data layer output requires developer access to the theme files.
A Marketing Manager can view analytics dashboards and configure promotions but cannot add custom tracking scripts. For full analytics implementation control, the user needs Admin-level access or a custom role with Settings permissions.
Plan-based user limits
- Standard -- Up to 3 user accounts (including the owner)
- Plus -- Up to 5 user accounts
- Pro -- Up to 8 user accounts with custom roles
- Enterprise -- Unlimited user accounts with full custom role support
Check current plan and seats under Settings > Account > Account Details.
Security features
- BigCommerce supports enforced two-factor authentication for all admin users via Settings > Security > 2-Step Verification
- SSO is available on Enterprise plans via SAML for the control panel
- Storefront customer SSO is available via JWT-based authentication
- Admin session timeouts are configurable on Enterprise plans
- There is no built-in SCIM provisioning -- user management is manual or via the Users API
- Admin activity is not logged in a user-accessible audit trail by default
Sub-pages in this section
- Roles and Permissions -- Detailed permission matrix for each built-in role and custom role configuration
- Adding and Removing Users -- Step-by-step onboarding, role assignment, and offboarding procedures