Configure Default Access Control for Members
Overview
You can set access controls for members who have not been assigned a role.
Purpose
The default access control feature for members is used for the following purposes.
- Clear distinction from role management: Controls whether members with "Member / Write" status who have not been assigned a role can access resources uniformly. In particular, setting this to "Deny" prevents members with undefined roles from viewing or manipulating information unintentionally.
- Ensuring a safe permission state after role removal: When a role is removed from a member due to transfer or resignation, this default setting is automatically applied. This allows the administrator to immediately return to a safe permission state (or a default state tailored to operations) without having to reconfigure settings individually.
Feature Description
What is Default Access Control?
"Default Access Control" is a feature that uniformly sets whether to allow access to each resource for members with "Member / Write" status who have not been assigned a role created by the "Role and Permissions" feature.
Scope of Access Control
In "Default Access Control", selecting "Allow" or "Deny" switches the access rights to resources managed by the "Role and Permissions" feature in bulk.
- Allow: Enables operations (read/write) for all resources that can be controlled by the "Role and Permissions" feature.
- Deny: Disables operations for all resources that can be controlled by the "Role and Permissions" feature.
Even if you select "Deny" in this setting, only the resources manageable by the "Role and Permissions" feature are restricted.
Specifically, it refers to the following resources.
Controllable resources:
- Products
- Catalogs
- Customer Buyers
- Orders
- Delivery Notes
- Goods Return Notes
- Backlog SKU Items
- Archived Backlog SKU Items
- Billing Invoices
- Payment Confirmations
- Billing Balances
- Credit Notes
- Export Documents
Other resources (Inventory, Brand, Link, Excel Order Sheet, etc.) are not subject to the Default Access Control Settings.
Applicable Targets for Access Control
"Default Access Control" applies only to members whose System Role is "Member", System Permission is "Write", and who have not been assigned an individual role.
* For members who have been assigned a role, the default access control setting does not apply, and the permissions defined in the role are always applied.
What are Roles and Permissions?
A "Role" is a configuration feature for specifying Access Scope and Actions (Read / Write) for a member in detail.
When the "System Role" alone provides too wide an access scope, combining roles and permissions allows you to restrict access according to business content as follows:
- Allow access to only specific features
- Prohibit editing and allow only viewing
- Allow viewing and editing only for customer data assigned as a person in charge
In this way, using roles and permissions enables fine-grained data access control for each member.
Instructions
This action can be performed by members with "Primary Owner", "Owner", and "Member / Admin".
Move to the "Default Access Control Settings" screen
- Click Maker Settings > Open Maker Settings in the upper left of the screen.
  The "Maker Settings" page opens.
- Click Member.
- Click the Access Control tab.
- Click the Edit Default Access Control Settings button.
The "Default Access Control Settings" modal opens.
Select Permissions
- Default Access Control Settings
  Select the permission from the pull-down menu.
  - Allow: Members with "Member / Write" who have not been assigned a role will be able to read and write all target resources.
  - Deny: Members with "Member / Write" who have not been assigned a role will not be able to read or write any of the target resources.
- Apply
  When the control method settings are complete, click the Apply button.
  If the process is successful, the Default Access Control Settings will be updated with the edited content.
  If the process fails, an error will be displayed. Please refresh the page and try again.
Important Notes
Members with permission to change settings
Only members with the System Role of "Primary Owner" or "Owner", or the system permission of "Admin" can change the "Default Access Control" settings.
Applicable targets and priority of settings
"Default Access Control" applies only to members with System Role "Member" and System Permission "Write" who have not been assigned individual roles.
This setting does not apply to "Primary Owner", "Owner", and "Member / Admin".
Also, for members who have already been assigned a role, the definition of the assigned role will always take precedence, regardless of the content of this setting.
Access scope when set to "Allow"
When "Default Access Control" is set to "Allow", target members will be able to write and read all resources controlled by the "Role and Permissions" feature.
Fine-grained control, such as allowing access only to specific resources, is not possible.
If there are resources containing highly confidential information, we strongly recommend setting "Default Access Control" to "Deny" and managing access rights using individual "Roles".
Timing and impact of setting application
Changes to settings are reflected immediately throughout the system.
Especially when changing the setting from "Allow" to "Deny", there is a possibility that members without roles may suddenly lose access to resources during operation.
Considering the impact on operations, we recommend notifying target members in advance or performing operations outside of business hours when making changes.
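
The applicability and precedence rules above can be modelled to list who is affected before switching from "Allow" to "Deny". This is an added example, not the product's own code or API; the `Member` fields, function names, result labels and the roster are assumptions constructed for illustration.

```python
# Illustrative model of the rules described on this page; not the product's API.
from dataclasses import dataclass
from typing import Optional

# Resources this page lists as controllable by "Role and Permissions".
CONTROLLABLE = {
    "Products", "Catalogs", "Customer Buyers", "Orders", "Delivery Notes",
    "Goods Return Notes", "Backlog SKU Items", "Archived Backlog SKU Items",
    "Billing Invoices", "Payment Confirmations", "Billing Balances",
    "Credit Notes", "Export Documents",
}

@dataclass
class Member:
    name: str
    system_role: str                          # "Primary Owner", "Owner" or "Member"
    system_permission: Optional[str] = None   # e.g. "Admin" or "Write" for "Member"
    role: Optional[str] = None                # role from "Role and Permissions", if any

def default_applies(m: Member) -> bool:
    """True only for Member / Write with no assigned role."""
    return (m.system_role == "Member" and m.system_permission == "Write"
            and m.role is None)

def governed_by(m: Member, resource: str) -> str:
    """Name the mechanism that decides this member's access to `resource`."""
    if resource not in CONTROLLABLE:
        return "outside default access control"
    if m.role is not None:
        return "assigned role"            # an assigned role always takes precedence
    if default_applies(m):
        return "default access control"
    return "not covered by this setting"  # Primary Owner, Owner, Member / Admin

def affected_by_default_change(members):
    """Members to notify before changing the default (e.g. Allow -> Deny)."""
    return [m.name for m in members if default_applies(m)]

# Constructed sample roster (hypothetical names and role).
ROSTER = [
    Member("aoki", "Primary Owner"),
    Member("baba", "Member", "Admin"),
    Member("chiba", "Member", "Write", role="Billing viewer"),
    Member("doi", "Member", "Write"),
    Member("endo", "Member", "Write"),
]

if __name__ == "__main__":
    print(affected_by_default_change(ROSTER))
```

Members removed from a role fall into the affected group as soon as the role is removed, so re-run the check after role changes.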