MDVA-29959 Magento patch available in the Magento Quality Patches (MQP) tool version 1.0.5 fixes the issue where a restricted admin user with all permissions for "Customer" ACL cannot manage companies (add or delete a company). Please note, that the issue is fixed in Magento Commerce B2B 2.3.4.
Affected products and versions
Magento Commerce B2B v2.3.0-2.3.3-p1
Note: the patch can be applicable to other versions with new MQP tool releases. To check if the patch is compatible with your Magento version, run ./vendor/bin/magento-patches
status
Issue
Admin user with all permissions for "Customer" ACL cannot manage companies (add or delete a company).
Steps to reproduce
- In the Magento Admin, create a new admin role and assign a user to that role.
- Assign only "Customer" resources to the role.
- Login as a user with this role.
- Try to delete a company account.
Expected result:
The company account is successfully deleted.
Actual result:
You are not able to delete the company account. You get the Sorry, you need permissions to view this content. error message.
Apply the patch
To apply individual patches use the following links depending on your version of Magento:
- Magento Commerce: DevDocs Software Update Guide > Apply patches.
- Magento Commerce Cloud: DevDocs Upgrades and Patches > Apply Patches.
The patch adds new ACL for managing companies. Following is an illustration of the ACL you get after the patch is installed:
Related reading
To learn more about Magento Quality Patches, refer to:
- KB Magento Quality Patches released: a new tool to self-serve quality patches.
- KB Check if patch is available for your Magento issue using Magento Quality Patches.