Shopify staff accounts & permissions after WooCommerce (2026)

WooCommerce inherited WordPress's user role system — Administrator, Editor, Shop Manager, Customer — with granular role management available through plugins like User Role Editor. Shopify has a cleaner, built-in staff account system with predefined permission sets that can be toggled per staff member. This guide covers setting up staff accounts post-migration, mapping WooCommerce WordPress roles to Shopify permissions, and best practices for staff access management.

WooCommerce WordPress roles vs Shopify staff permissions

WordPress / WooCommerce role	Shopify equivalent	Notes
WordPress Administrator	Shopify Owner (full access) or Staff with all permissions	Owner account has unrestricted access
Shop Manager	Staff with Orders + Products + Customers + Reports	No settings access by default
WordPress Editor	Staff with Online Store access (theme, pages, blog)	Can edit pages and blog, not orders
WordPress Author	Staff with limited content access	Blog post editing only via content access
Agency/Developer	Collaborator account	External access without staff seat consumption

Shopify staff account limits by plan

• Basic Shopify: 2 staff accounts (in addition to the owner)
• Shopify: 5 staff accounts
• Advanced Shopify: 15 staff accounts
• Shopify Plus: Unlimited staff accounts
• Note: collaborator accounts (for agencies/developers) don't count against staff limits
• POS staff: POS staff access for point-of-sale only is managed separately and doesn't require a full staff account on most plans

Permission categories

Shopify staff permissions are organised by area — toggle each on/off per staff member:

Orders

• Orders: view and edit orders
• Manage and process orders: fulfil, refund, cancel orders
• Edit orders: change shipping, products in an order (post-creation)
• Export orders: download order CSV exports

Products

• Products: view products and inventory
• Create and edit products: add, edit, delete products
• Create products: add new products (without delete permission)
• Inventory: update stock levels

Customers

• Customers: view customer profiles
• Edit customers: modify customer data, add tags, apply discounts

Analytics

• Reports: view sales reports and analytics dashboards
• Finances: view detailed financial reports (potentially sensitive)

Store management

• Gift cards: issue and manage gift cards
• Discounts: create and manage discount codes
• Blog posts and pages: manage content in Online Store
• Themes: edit theme code and theme settings
• Navigation: manage navigation menus
• Domains: manage domain settings
• Preferences: edit store preferences

Settings (typically restricted)

• Apps: install and manage apps
• Settings: access store settings (payment, checkout, legal)
• Shopify Payments: view payout information and financials

Recommended permission sets by role

Fulfilment and shipping staff

• Enable: Orders (view + process), Customers (view), Products (view only)
• Disable: Create/edit products, Reports, Settings, Finances
• Purpose: warehouse staff who pack and ship orders need to see orders and print packing slips — nothing else

Customer service staff

• Enable: Orders (view + edit), Customers (view + edit), Gift cards, Discounts
• Disable: Create/edit products, Settings, Themes, Finances
• Purpose: CS agents need to process refunds, issue gift cards, apply discount codes, and modify customer data

Merchandising and product team

• Enable: Products (create + edit), Blog posts and pages, Navigation, Inventory
• Disable: Orders, Finances, Settings, Apps
• Purpose: product managers and copywriters need to create/edit products and content without access to order or financial data

Marketing staff

• Enable: Blog posts and pages, Discounts, Reports (not finances)
• Disable: Orders (sensitive), Settings, Themes, Shopify Payments
• Purpose: marketing team creates blog content and discount campaigns; reports access helps measure campaign performance

Store manager

• Enable: All order permissions, All product permissions, Customers, Reports, Discounts, Gift cards, Blog posts, Navigation
• Disable: Apps (prevent accidental app installs), Settings (prevent payment/checkout changes), Shopify Payments payouts
• Purpose: operational ownership without financial or settings access

Collaborator accounts for agencies

• Collaborator accounts: for agencies, developers, and freelancers who need store access. Send a collaborator request from your Shopify account; the agency accepts.
• Separate from staff: collaborators don't use staff account slots. Unlimited collaborators regardless of plan.
• Granular access: same permission system as staff — grant only what the agency needs. A theme agency needs Themes access; a migration agency needs Products + Orders; a Shopify app developer may need Apps access.
• Time-limited: revoke collaborator access when the project ends. Don't leave inactive collaborator accounts open.
• Collaborator vs staff: use collaborator accounts for external parties; staff accounts for employed team members.

Two-factor authentication (2FA)

• Shopify requires 2FA for all staff accounts with certain permissions (especially if they have access to financial data or settings)
• Enforce 2FA: as store owner, you can require all staff to enable 2FA before accessing the admin. Settings → Users → Require two-step authentication.
• 2FA methods: authenticator app (Google Authenticator, Authy — recommended) or SMS. Authenticator app is more secure than SMS.
• WooCommerce comparison: WordPress admin typically had minimal 2FA enforcement without a dedicated plugin (like WP 2FA or Shield Security). Shopify's built-in 2FA requirement is a security improvement.

POS staff access

• POS staff PINs: for Shopify POS, set up staff PINs for each team member. Each transaction in POS is attributed to the staff member who processed it.
• POS roles: Shopify POS has Manager and Staff roles within POS. Managers can apply manual discounts, override prices, and access POS settings. Staff can only process standard transactions.
• POS limited access: staff with POS access only don't need full Shopify admin access. Configure accordingly to limit exposure.

Staff accounts migration checklist

• Audit all WordPress/WooCommerce user accounts — who has admin/shop manager access currently
• Invite staff members to Shopify with appropriate permission sets
• Create role-based permission templates for: fulfilment, customer service, merchandising, marketing, store manager
• Enforce 2FA for all staff accounts (Settings → Users)
• Set up POS staff PINs if using Shopify POS
• Invite agencies and developers as collaborator accounts (not staff)
• Verify: fulfilment staff can see and process orders — cannot edit products or access settings
• Verify: product team can create/edit products — cannot see order financial data
• Verify: CS staff can issue refunds and gift cards — cannot change store settings
• Remove any WordPress admin accounts that don't have a Shopify equivalent (decommission WooCommerce logins post-migration)

The principle of least privilege applies to Shopify staff accounts just as much as it does to any other system. WooCommerce stores routinely accumulate WordPress administrators who were added "just to help with something" and never had their access revoked. The admin list grows quietly, and after a year, there are 8 people with full WordPress admin access when only 2 need it. The migration is the right time to audit access properly: identify exactly what each staff member needs to do their job, grant only those permissions, enforce 2FA, and use collaborator accounts for external parties. This isn't just security hygiene — it reduces the surface area for accidental changes (a CS agent accidentally publishing a draft product) and protects sensitive financial data from team members who have no operational reason to see it.