Setting Up Store Permissions

To set up user permission to your store, go to Store Setting > Set up Store, and click the Permissions tab.

The Permissions tab is composed of the following three sections:

Automatic Assignment to Stores: Assign registered customers either to All Stores or to the selected store (This Store Only).
Automatic Assignment to Groups: Auto-assign registered and anonymous users to user groups.
Password policy: Define password settings, such as expiry policy, format and account lockout.
Groups with permissions to this store: Specify pricing and billing permissions for those groups.

Once a new store is created, uStore automatically creates user groups for this store and assigns store users to them. The automatically created user groups inherit permission from the default user groups for registered and anonymous users.

Automatic assignment to stores

In the Automatic Assignment to Stores section you can assign users to All Stores or to This Store Only.

The system automatically assigns registered customers to All Stores. When assigning a user to all stores, this user cannot register to other stores using the same email address.

Alternatively, you can assign registered customers to a specific store by selecting This Store Only. In this case, uStore allows to register to different stores with the same email address.

Assigning customers to a specific store or to all stores does not override the permissions defined in the user group. To ensure that customers can successfully log in to the store, you need to edit the user group's permissions and make sure that the user group is allowed to access the store.

Automatic assignment to groups

In the Automatic Assignment to Groups section, select the user group you want your registered and anonymous users to be part of. To assign a different user group to the store's users, you must verify that the user group is allowed for this store. For more details see Assigning Permissions to the User Group.

Note that this section is displayed only if the Enable Registration checkbox is selected in the General tab.

For stores in which registration is enabled, the system will auto-assign a permission group to registered users in the Add registered customers to list.

The name of the user group is <Store name> (ID:<ID number>)- Registered Customers and it inherits permissions from the default Customer Root user group.

To view the permissions of the auto-assigned group, go Users > Groups, click the group name in the user groups list and then, in the User Group Setup page, go to the Permission tab. You may modify the group assignment by selecting a different user group in the Registered Users list.

Note that only user groups that are permitted for this store are allowed for selection. To make a user group available for selection, go to the Permissions tab in the user group setup page, and grant the user group permissions for this store.

Note: For public stores (B2C), the system will auto-assign permission groups to both registered and anonymous users. The name of the anonymous user group is <Store name> (ID:<ID number>) - Anonymous Customers.

Storefront password policy

The Store administrator can set up a password policy for a store. The policy includes password combination, lockout, history and expiration. The lockout, history and expiration policy are enforced in the storefront Login page where the customer is asked to enter a password in order to log in to the application. The password combination is enforced only when registering or updating the password.

To define the storefront password policy:

In the Store Setup page, select the Permissions tab.
In the Password Policy section, under Password expires, define the password expiry:
- Select Never if you do not want to enforce periodic password renewal.
- SelectAfter ... daysif you want to enforce periodic password renewal, and enter the number of days after which the login password will expire.
Select the Enforce password format checkbox to determine rules for password composition:
- Minimum characters: Enter the minimum number of characters allowed in a password.
- Maximum characters: Enter the maximum number of characters allowed in a password.
- Minimum Lower Case characters: Enter the minimum number of lower case characters required in a password. This setting is valid for Latin characters only.
- Minimum Upper Case characters: Enter the minimum number of upper case characters required in a password. This setting is valid for Latin characters only.
- Minimum Numeric Characters: Enter the minimum number of numeric characters required in a password.
- Minimum Non-Alpha Numeric Characters: Enter the minimum number of numeric characters (for example, !@#$%^&*())required in a password.
- No reuse of historical passwords for ... password renewals: Enter the number of password renewals during which the customer cannot reuse the password. For example, if you enter "3", the customer will not be able to use his current password during the next three password renewals.
- Password must not contain user name or email: Select this checkbox if you want to block passwords containing user name or email. Neither an entire email address nor parts of it (for example, only the person name or the company name) are accepted. This ensures a higher password security.
Select the Enforce account lockout checkbox to lock out an account when someone tries to log on unsuccessfully several times in a row. Note that the account lockout is per user and not per user and store.
- Account locked after...invalid logon attempts: Enter the number of invalid logon attempts after which the account will be locked.
  
  CAPTCHA will appear for the last sign-in attempt. For example, if you've defined the number of failed sign-in attempts that will cause a user account to be locked to be 5, CAPTCHA will appear on the 5th attempt.
- Lockout counter reset: ...minutes after last logon attempt: Enter the number of minutes after which the locked account will be unlocked.
  
  Once the account is locked, the Store administrator can manually unlock the user, by clearing the User is locked out checkbox in the User Setup page.

If you do not enter a value into one of the Password Policy text boxes, the empty policy will not be enforced during password validation process.

Group prices and billing display

TheGroups with permissions to this store section lists all groups with permissions to this store, and enables the administrator to limit the display of prices and billing information to the selected groups.

The default selection is to show prices and billing information to all allowed user groups.

To show/hide billing information and prices to the selected groups:

Choose if you wish to show prices for your store products:
- Leave the Show Prices checkbox selected if you want to show prices for your store products.
- Clear the Show Prices checkbox if you want to hide them. You may choose to hide prices when this information is not relevant for the shopper.
Choose if you want the user to fill in the billing address:
- Leave the Show Billing Address checkbox selected if you want the user to fill in the billing address section in the Checkout - Order Summary page of the storefront.
- Clear the Show Billing Address checkbox if you do not want the user to fill in the billing address. This is recommended if the user performing an order is not the one that is actually performing the payment. For example, if the user has a limited budget but is not the one who performs the payment, you may choose to select the Show Prices checkbox and clear the Show Billing Address checkbox.
If you cleared the Show Billing address, you must specify the default billing address for all the orders performed by the users of that store.
- When you clear the Show Billing Address checkbox, a pop-up window is displayed to enable you to enter a billing address to be used for all the selected group members.
- Fill in the billing address and click Submit. The billing address will be displayed in the Group’s Billing Address column.