Managing access across employees, customers, and integrations often becomes difficult as organizations grow. With Custom Scopes, as Administrator you can define tenant-specific authorization rules and control access with greater precision. This new capability introduces a more flexible way to manage permissions across IAM, APIs, and custom entities directly from the Management Dashboard.
Custom Scopes let you define and manage the scopes available within the tenant and can support multiple access scenarios:
Employee access β Manage permissions for internal users working in the Management Dashboard.
Customer access β Control access for external users such as B2B buyers or partner organizations.
Integrations β Apply tenant scopes to API clients and tokens for secure system-to-system access.
A new way to manage permissions in MD
To support this feature, the Management Dashboard has been updated with:
- An enhanced Users & Groups experience
- A new Access Controls view to manage permissions
- A new Scopes view to define and review available tenant scopes
A userβs effective access is determined by the access controls assigned to their groups and the scopes included within those controls. Groups can also include site-based or custom restrictions where supported.
To get more Management Dashboard details, see:
- Users and Groups | Commerce Engine | Documentation Portal
- Scopes | Commerce Engine | Documentation Portal
- Access Controls | Commerce Engine | Documentation Portal
And to get more technical insights on the solution, see: