MDVA-29959 Magento patch available in the Quality Patches Tool (QPT) tool version 1.0.5 fixes the issue where a restricted admin user with all permissions for "Customer" ACL cannot manage companies (add or delete a company). Please note, that the issue is fixed in Magento Commerce B2B 2.3.4.
Affected products and versions
Magento Commerce B2B v2.3.0-2.3.3-p1
Note: the patch can be applicable to other versions with new QPT tool releases. To check if the patch is compatible with your Magento version, run ./vendor/bin/magento-patches status
Issue
Admin user with all permissions for "Customer" ACL cannot manage companies (add or delete a company).
Steps to reproduce
- In the Magento Admin, create a new admin role and assign a user to that role.
- Assign only "Customer" resources to the role.
- Login as a user with this role.
- Try to delete a company account.
Expected result:
The company account is successfully deleted.
Actual result:
You are not able to delete the company account. You get the Sorry, you need permissions to view this content. error message.
Apply the patch
To apply individual patches use the following links depending on your version of Magento:
- Magento Commerce: DevDocs Software Update Guide > Apply patches .
- Magento Commerce Cloud: DevDocs Upgrades and Patches > Apply Patches .
The patch adds new ACL for managing companies. Following is an illustration of the ACL you get after the patch is installed:
Related reading
To learn more about Quality Patches Tool, refer to:
- KB Quality Patches Tool released: a new tool to self-serve quality patches .
- KB Check if patch is available for your Magento issue using Quality Patches Tool .
For info about other patches available in QPT tool, refer to the Patches available in QPT tool section.