How to provide role based access for different nodes in episerver commerce


Hi ,

Is it possible provide role based access to different nodes in catalog. We have different nodes in our catalog but each node should be visible to specific users only, is there any possibility of assigning access for different nodes similar to cms pages?



Dec 31, 2018 14:34

As long as you are running the latest version of Episerver Commerce then you can set permissions to catalog nodes up using normal roles you set up in admin mode. Catalog permissons were first introduced in Episerver Commerce v11.6.0.

See here for more information: and search for "Controlling access to catalogs and categories". The important part is setting the Visible to property on the catalog node:


Dec 31, 2018 15:55
Dec 31, 2018 15:57

Thanks for the information. Is the same applicable of products under it or just for catalog nodes.

Dec 31, 2018 16:59

It’s just for catalog nodes.

Dec 31, 2018 17:24

The entries (products, variants...) will inherit the permission settings of their true parent category (non linked ones). We might add specific settings for entries in the future if there are enough requests for it

Jan 01, 2019 8:46

Old thread, but hopefully someone is still here :)

I'm not getting inheritance to work. Products, bundles and variants are still visible to everyone when I change the settings on the catalog they have as primary, which I'm guessing is the "true parent". Is this not what "true parent" is or is there some other setting that I'm missing? Or is it not working like this anymore? (Commerce 13)

Apr 08, 2020 14:35

It's category, not catalog. Note that it depends on the code you are using to filter the content. If you want to hide those entries, you have to use FilterForVisitor() 

Apr 08, 2020 14:41

Sorry, I ment Category not Catalog. On my Category I have Visible to Restricted:


On my bundle/product/variant it still says Visible to Everyone:

Or is it just the UI that is not correct? 

Edited, Apr 08, 2020 14:50

It is actually just the UI that is confusing. The access rights are correct!

Apr 08, 2020 14:59

I see. Actually that is a "missing feature" that we did not implement (went with MVP approach). It might be fixed in the future, but I won't bet on it. The filtering at API level should still work, though 

Apr 08, 2020 15:21
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.