Volusion uses a role-based permission system that provides control over administrator capabilities within your e-commerce store. Understanding these roles is essential for secure store management and team collaboration.
How Volusion Permissions Work
Role-Based Access Control
Volusion implements a hierarchical admin system:
- Role: Predefined access level (Super Admin, Administrator, Limited Admin)
- Permissions: Specific capabilities within departments
- Departments: Functional areas of the store (Products, Orders, Customers, etc.)
- IP Restrictions: Additional security layer (optional)
Administrator → Role → Department Access → Specific Permissions
Permission Structure
Store Admin
├── Department Access (what areas)
├── Permission Level (what actions)
├── IP Restrictions (where from)
└── Time Restrictions (when)
Administrator Roles
Super Administrator
Purpose: Complete store control and ownership
Key Capabilities:
- Full access: All store functions and settings
- User management: Create, edit, delete administrators
- Billing: Manage subscriptions and payments
- Store settings: Configure all store settings
- Design: Full theme and design control
- Integrations: Manage all third-party apps
- API access: Generate and manage API credentials
Complete Access Areas:
✓ Products and Inventory
✓ Orders and Fulfillment
✓ Customers and CRM
✓ Content and SEO
✓ Marketing and Promotions
✓ Reports and Analytics
✓ Design and Templates
✓ Settings and Configuration
✓ Admin Management
✓ Billing and Subscription
✓ API and Integrations
✓ Security Settings
Use Cases:
- Store owner
- Chief technical officer
- Lead developer with full authority
- Primary stakeholder
Security Notes:
- Limit to 1-2 trusted individuals
- Require two-factor authentication
- Monitor all Super Admin actions
- Regular security audits
Cannot be removed: Must have at least one Super Admin
Administrator
Purpose: Day-to-day store management without critical access
Key Capabilities:
- Most functions: Access to assigned departments
- Content management: Products, categories, content
- Order processing: View and manage orders
- Customer service: Access customer data
- Marketing: Manage promotions and newsletters
- Reports: View and generate reports
- Cannot: Manage billing, delete store, manage Super Admins
Permission Breakdown:
Products/Inventory:
├── View products: ✓
├── Add products: ✓
├── Edit products: ✓
├── Delete products: ✓
├── Manage inventory: ✓
└── Import/Export: ✓
Orders:
├── View orders: ✓
├── Process orders: ✓
├── Edit orders: ✓
├── Delete orders: ✓
├── Refunds: ✓
└── Shipping: ✓
Customers:
├── View customers: ✓
├── Edit customers: ✓
├── Add customers: ✓
├── Delete customers: ✓
└── Export data: ✓
Content/SEO:
├── Edit pages: ✓
├── Manage blog: ✓
├── SEO settings: ✓
└── Meta data: ✓
Settings:
├── Store settings: Limited
├── Payment settings: ✗
├── Shipping settings: ✓
├── Tax settings: ✗
├── Billing: ✗
└── Admin management: ✗
Use Cases:
- Store manager
- Operations lead
- Customer service manager
- Marketing manager
Best For:
- Daily operations without owner access
- Trusted team members
- Department heads
Limited Administrator
Purpose: Restricted access to specific functions
Key Capabilities:
- Assigned departments only: Access limited to selected areas
- View/edit permissions: Customizable per department
- Cannot: Access unassigned departments, change settings, manage users
Customizable Access: Select specific departments and permission levels:
Products Department (example):
Options:
├── No Access: ✗
├── View Only: Read-only product list
├── View & Edit: Modify existing products
└── Full Access: Add, edit, delete products
Selected: View & Edit
Result:
├── View products: ✓
├── Edit products: ✓
├── Add products: ✗
├── Delete products: ✗
Permission Matrix (customizable):
| Department | None | View | Edit | Full |
|---|---|---|---|---|
| Products | ✗ | ✓ | ✓ | ✓ |
| Orders | ✗ | ✓ | ✓ | ✓ |
| Customers | ✗ | ✓ | ✓ | ✓ |
| Content | ✗ | ✓ | ✓ | ✓ |
| Reports | ✗ | ✓ | ✗ | ✓ |
| Marketing | ✗ | ✓ | ✓ | ✓ |
| Settings | ✗ | ✗ | ✗ | ✗ |
Use Cases:
- Content writers (Content department only)
- Order processors (Orders department only)
- Inventory managers (Products department only)
- Customer service reps (Customers, Orders view)
Best For:
- Role-specific access
- Junior team members
- Seasonal workers
- Third-party contractors
Department-Level Permissions
Products and Inventory
Available Permissions:
View Only:
├── Browse product catalog
├── Search products
├── View product details
├── View inventory levels
└── Cannot make changes
Edit:
├── All View permissions
├── Modify existing products
├── Update inventory
├── Change prices
├── Edit descriptions
└── Cannot add/delete products
Full Access:
├── All Edit permissions
├── Add new products
├── Delete products
├── Import products
├── Export product data
├── Manage categories
└── Product options/variants
Use for:
- View: Reporting, customer service
- Edit: Product managers, merchandisers
- Full: Inventory managers, catalog managers
Orders and Fulfillment
Available Permissions:
View Only:
├── View order list
├── View order details
├── Check order status
├── View customer info
└── Cannot modify orders
Edit:
├── All View permissions
├── Update order status
├── Add order notes
├── Process refunds
├── Update shipping
├── Print packing slips
└── Cannot delete orders
Full Access:
├── All Edit permissions
├── Create manual orders
├── Delete orders (caution)
├── Edit order items
├── Adjust pricing
├── Modify payment status
└── Full refund control
Use for:
- View: Reporting, analytics teams
- Edit: Fulfillment staff, customer service
- Full: Operations manager, store manager
Customers and CRM
Available Permissions:
View Only:
├── View customer list
├── View customer details
├── View order history
├── View account info
└── Cannot edit
Edit:
├── All View permissions
├── Edit customer details
├── Add customer notes
├── Update addresses
├── Modify customer groups
└── Cannot delete customers
Full Access:
├── All Edit permissions
├── Add new customers
├── Delete customers
├── Export customer data
├── Merge duplicate accounts
└── Manage customer groups
Use for:
- View: Marketing, analytics
- Edit: Customer service
- Full: CRM manager, operations
Content and SEO
Available Permissions:
View Only:
├── View pages
├── View blog posts
├── View navigation
└── Cannot edit
Edit:
├── All View permissions
├── Edit existing pages
├── Modify blog posts
├── Update navigation
├── Edit SEO settings
├── Manage meta data
└── Cannot delete pages
Full Access:
├── All Edit permissions
├── Create new pages
├── Delete pages
├── Manage templates
├── Advanced SEO
└── URL rewrites
Use for:
- View: QA, proofreading
- Edit: Content writers, marketers
- Full: Content manager, SEO specialist
Reports and Analytics
Available Permissions:
View Only:
├── View all reports
├── Access analytics
├── See dashboards
└── Cannot export data
Full Access:
├── All View permissions
├── Export reports
├── Create custom reports
├── Schedule reports
└── Download data
Use for:
- View: General team visibility
- Full: Analysts, management, finance
Marketing and Promotions
Available Permissions:
View Only:
├── View promotions
├── See coupons
├── View newsletters
└── Cannot modify
Edit:
├── All View permissions
├── Create promotions
├── Edit discounts
├── Manage coupons
├── Send newsletters
└── Cannot delete campaigns
Full Access:
├── All Edit permissions
├── Delete promotions
├── Advanced marketing tools
├── Email automation
├── A/B testing
└── Integration settings
Use for:
- View: Team coordination
- Edit: Marketing coordinators
- Full: Marketing manager
Design and Templates
Available Permissions:
View Only:
├── Preview templates
├── View theme settings
└── Cannot edit
Full Access:
├── Edit theme
├── Modify templates
├── Custom CSS/HTML
├── Upload images
├── Change layouts
└── Install themes
Use for:
- View: QA, stakeholders
- Full: Web designers, developers
Security Warning: Full design access = code injection risk
Settings and Configuration
Available Permissions:
Super Admin Only:
├── Payment gateway settings
├── Shipping configuration
├── Tax settings
├── Store information
├── Domain settings
├── SSL certificates
├── Admin management
└── Billing/subscription
Administrator (Limited):
├── Shipping methods: ✓
├── Email templates: ✓
├── Notification settings: ✓
├── Store hours: ✓
├── Payment settings: ✗
├── Tax settings: ✗
├── Billing: ✗
└── Admin management: ✗
Security: Critical settings restricted to Super Admin only
Advanced Permission Features
IP Address Restrictions
Add security layer:
Admin Settings → IP Restrictions → Enable
Configuration:
- Enter allowed IP addresses
- Support for IP ranges
- Whitelist only
Use cases:
- Office-only access
- Specific locations only
- Prevent remote access
- High-security accounts
Example:
Admin: John Doe
Role: Administrator
IP Restriction: 203.0.113.0/24 (office network)
Result: Can only login from office
Time-Based Restrictions
Limit login hours (if available):
Admin Settings → Login Hours
Configuration:
- Set business hours
- Define timezone
- Block after-hours access
Use for:
- Contractors (project hours only)
- Part-time staff
- Additional security
- Compliance requirements
Two-Factor Authentication
Enable 2FA:
Profile → Security → Enable Two-Factor Authentication
Methods:
- Email-based codes
- SMS verification (if supported)
- Authenticator app (Google Authenticator)
Recommendations:
- Required: Super Administrators
- Recommended: All Administrators
- Optional: Limited Admins (depending on access)
Setup process:
- Enable 2FA in profile
- Enter phone or email
- Receive verification code
- Enter code to confirm
- Save backup codes
Custom Permission Scenarios
Example 1: Customer Service Rep
Requirements: Handle customer inquiries and orders
Configuration:
Role: Limited Administrator
Departments:
├── Orders: Edit (view, update status, process refunds)
├── Customers: Edit (view, update details, add notes)
├── Products: View (check inventory, product info)
├── Reports: View (order reports only)
└── All other departments: No Access
Additional:
├── IP Restriction: Office network
├── 2FA: Enabled
└── Login Hours: 9 AM - 6 PM
Example 2: Product Manager
Requirements: Manage catalog, pricing, inventory
Configuration:
Role: Limited Administrator
Departments:
├── Products: Full (add, edit, delete products)
├── Inventory: Full (manage stock levels)
├── Categories: Full (organize catalog)
├── Orders: View (check sales data)
├── Reports: View (product performance)
└── All other departments: No Access
Additional:
├── IP Restriction: None (remote work)
├── 2FA: Enabled
└── Login Hours: Any
Example 3: Content Writer
Requirements: Update pages, blog, SEO
Configuration:
Role: Limited Administrator
Departments:
├── Content: Edit (pages, blog posts)
├── SEO: Edit (meta tags, descriptions)
├── Products: Edit (descriptions only)
├── All other departments: No Access
Additional:
├── IP Restriction: None
├── 2FA: Optional
└── Login Hours: Any
Example 4: Finance/Reporting
Requirements: Access reports and analytics only
Configuration:
Role: Limited Administrator
Departments:
├── Reports: Full (all reports, export)
├── Orders: View (financial data)
├── All other departments: No Access
Additional:
├── IP Restriction: Finance office
├── 2FA: Required
└── Login Hours: Business hours
Security Best Practices
Principle of Least Privilege
Grant minimum access needed:
Bad example:
New hire → Administrator role
Reason: "Easier to give full access"
Good example:
New hire → Limited Administrator
Departments: Assigned based on job role
Review: 30-day access review
Escalation: Request additional access as needed
Dangerous Permissions
Restrict carefully:
Critical permissions:
- Billing access: Financial risk
- Admin management: Privilege escalation
- Design access: Code injection
- Customer data export: Privacy risk
- API credentials: Data exposure
Mitigation:
- Limit to Super Admin only
- Require approval workflow
- Log all uses
- Regular audits
Regular Permission Audits
Monthly review:
- List all active administrators
- Verify role appropriateness
- Check for over-permissioned users
- Identify inactive accounts (30+ days)
- Review failed login attempts
Quarterly audit:
- Full security review
- Password policy compliance
- 2FA adoption rate
- Remove unnecessary accounts
- Update documentation
Platform-Specific Notes
Volusion V1 (Classic) Permissions
Department-based system:
- Simpler permission model
- Checkbox-style access
- Less granularity
- All-or-nothing per department
Departments:
- Inventory
- Orders
- Customers
- Articles
- Reports
- Newsletters
- Site Features
- Site Design
Admin levels:
- Super Admin (all checkboxes)
- Regular Admin (selected checkboxes)
Volusion V2 Permissions
Enhanced features:
- Granular permission levels
- View/Edit/Full access tiers
- Modern interface
- Better security options
Key improvements:
- More detailed permissions
- IP restrictions
- Better audit logging
- Improved 2FA
Troubleshooting Permission Issues
Admin Can't Access Expected Feature
Debug steps:
- Verify role: Check assigned role type
- Check department access: Confirm department enabled
- Permission level: Verify view/edit/full setting
- IP restriction: Check if IP blocking access
- Time restriction: Verify within allowed hours
- Clear cache: Logout and login again
Common issues:
- Wrong role assigned
- Department not enabled
- Insufficient permission level
- IP restriction blocking
Permission Changes Don't Take Effect
Solutions:
- Log out and back in: Force session refresh
- Clear browser cache: Remove cached permissions
- Check if saved: Verify changes saved properly
- Wait 5 minutes: System may need time to update
Can't Modify Critical Settings
Expected behavior: Only Super Admin can access
Verify:
- Are you Super Admin?
- Is another Super Admin needed?
- Contact account owner
Former Admin Still Has Access
Check:
- Account deleted: Verify in admin list
- Active sessions: Force logout all sessions
- Clear cookies: Have them clear browser
- Password changed: If shared password
If still accessing:
- Change password immediately
- Check for duplicate accounts
- Review security logs
- Contact Volusion support
Next Steps
- Adding & Removing Users - User management workflows
- Volusion User Management - Overview and best practices
- Volusion Help Center