MDVA-29959 patch: admin with “Customers” permissions cannot manage company account
MDVA-29959 patch available in the Quality Patches Tool (QPT) tool version 1.0.5 fixes the issue where a restricted admin user with all permissions for “Customer” ACL cannot manage companies (add or delete a company). Please note, that the issue is fixed in B2B for Adobe Commerce 2.3.4.
Affected products and versions
B2B for Adobe Commerce on cloud infrastructure 2.3.0-2.3.3-p1.
magento/quality-patches
package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.Issue
Admin user with all permissions for “Customer” ACL cannot manage companies (add or delete a company).
Steps to reproduce
- In the Commerce Admin, create a new admin role and assign a user to that role.
- Assign only “Customer” resources to the role.
- Log in as a user with this role.
- Try to delete a company account.
Expected result:
The company account is successfully deleted.
Actual result:
You are not able to delete the company account. You get the Sorry, you need permissions to view this content. error message.
Apply the patch
To apply individual patches, use the following links depending on your deployment method:
- Adobe Commerce or Magento Open Source on-premises: Software Update Guide > Apply Patches in our developer documentation.
- Adobe Commerce on cloud infrastructure: Upgrades and Patches > Apply Patches in our developer documentation.
Related reading
To learn more about Quality Patches Tool, refer to:
- Quality Patches Tool released: a new tool to self-serve quality patches in our support knowledge base.
- Check if patch is available for your Adobe Commerce issue using Quality Patches Tool in our support knowledge base.
For info about other patches available in QPT, refer to Patches available in QPT in our developer documentation.