- Most users do not need access to the configuration or reporting sections of the system.
- Creating a user as" customer service" to avoid an individual's name appearing on correspondence with customers is a good idea.
- Only provide the permission that the specific user requires to do there job, so permission . Permission like "edit users" and "delete orders" should be enabled only for the admin or owner users.
Generally speaking, you should enable the least possible permission and instruct the user to contact you if they encounter a "permission denied" type message when attempting acess an area of the back end or perform a specific action, so that you can access. You can then assess whether they need to, access and then adjuect adjust the permission accordingly. |