---
title: "How to Set Up Shopify Staff Accounts (Complete 2026 Guide)"
description: "Learn how to create and manage staff accounts in Shopify. Set permissions, assign roles, enable two-factor authentication, and manage team access securely."
url: https://easyappsecom.com/guides/how-to-set-up-shopify-staff-accounts.html
date: 2026-03-20
---

# How to Set Up Shopify Staff Accounts (Complete 2026 Guide)

EasyApps Ecommerce

Last updated: March 2026

How to Set Up Shopify Staff Accounts (Complete 2026 Guide)

By Jack Smith · Updated March 19, 2026 · 17 min read

TL;DR: Shopify staff accounts let team members access your admin with individual logins and customized permissions. Set up staff accounts in Settings > Users and permissions, assign granular permissions so each team member only accesses what they need, enforce two-factor authentication for security, and audit staff activity regularly. The number of staff accounts varies by plan: Basic gets 2, Shopify gets 5, Advanced gets 15, and Plus gets unlimited.

Why Individual Staff Accounts Matter

Sharing a single admin login among multiple team members is one of the most common and most dangerous mistakes Shopify store owners make. When everyone uses the same login, you have no accountability for who made what change, no ability to restrict access to sensitive information, and no way to revoke a single person access when they leave the team.

Individual staff accounts solve all of these problems. Each team member gets their own login credentials, their own set of permissions tailored to their role, and their own activity trail that you can audit. If a customer service rep accidentally deletes a product or a marketing manager misconfigures a discount, you can see exactly who did it and when.

Permissions are the key benefit. A fulfillment team member needs access to orders and inventory but should not be able to change your theme, modify shipping settings, or access financial reports. A content writer needs access to blog posts and pages but not to customer data or payment information. Staff accounts let you enforce the principle of least privilege — each person gets the minimum access needed for their role.

For security, individual accounts mean you can revoke a single person access instantly when they leave your team, without changing passwords that everyone else uses. This is especially critical when working with freelancers, virtual assistants, or seasonal staff who may have shorter tenures with your business.

Creating a Staff Account

Step 1: Go to Settings > Users and permissions in your Shopify admin.

Step 2: Under "Staff," click "Add staff." Enter the team member email address and their first and last name.

Step 3: Set their permissions. Shopify shows a comprehensive list of permission categories with checkboxes. Select only the permissions this person needs for their role (see the Roles section below for recommended permission sets).

Step 4: Click "Send invite." The team member receives an email with instructions to create their Shopify account and set a password. They do not use the store owner credentials.

Step 5: Once the team member accepts the invitation and creates their account, they can log in to your Shopify admin with their own credentials. They will only see the sections they have permission to access — other areas will be hidden from their view.

After setup, verify the staff member can access what they need and cannot access what they should not. Log in with their credentials (or ask them to confirm) and spot-check that the permissions are working correctly.

Understanding Permission Groups

Shopify organizes permissions into several categories. Here is what each controls:

Home: Access to the Shopify admin home page and overview dashboard. Almost everyone should have this permission as it provides a general overview of store activity.

Orders: View, create, edit, and fulfill orders. Sub-permissions include managing draft orders, editing orders, and marking orders as paid. Fulfillment staff need view and fulfill; customer service needs view and edit; management needs full order access.

Products: View, create, edit, and delete products, collections, and inventory. Content managers and merchandisers need this. Be careful with delete permissions — accidental product deletion can be disruptive.

Customers: View and manage customer information, including contact details, order history, and tags. Customer service teams need this; marketing teams may need view-only access for segmentation.

Content: Manage blog posts, pages, and navigation menus. Content writers and marketing managers need this. It does not include theme editing, which is a separate permission.

Analytics: View reports and analytics dashboards. Management and marketing teams typically need this. Financial reports may show revenue data you want to restrict from some team members.

Marketing: Manage marketing campaigns, automations, and discounts. Marketing team members need this. Discount creation should be carefully controlled since misconfigured discounts can cost significant revenue.

Online Store: Edit themes, manage domains, and configure the online store. This includes theme code editing, which is a powerful and potentially destructive capability. Restrict this to developers and store owners.

Settings: Access to store settings including taxes, shipping, payments, and billing. This should be restricted to store owners and senior management only.

Recommended Roles and Permission Sets

Here are five common roles with their recommended permission sets:

Customer Service Representative: Home, Orders (view and edit, not delete), Customers (view and edit), Content (view only). This lets them handle customer inquiries, update orders, process returns, and look up customer information without accessing financial data or store settings.

Fulfillment Team Member: Home, Orders (view and fulfill), Products (view inventory). This gives them exactly what they need to pick, pack, and ship orders and check stock levels without accessing anything else.

Marketing Manager: Home, Orders (view only), Products (view and edit), Customers (view only), Content (full access), Analytics (full access), Marketing (full access). This enables campaign management, content creation, and performance analysis without settings or financial access.

Store Manager: All permissions except Settings and Online Store theme editing. Managers need broad access to run day-to-day operations but should not modify core store configuration without the owner involvement.

Developer: Home, Products (view only), Online Store (full access including theme editing). Developers need theme access but should not process orders, access customer data, or modify business settings.

These are starting points — adjust based on your specific team structure and needs. The key principle is: if a team member does not need a permission for their daily work, do not grant it. You can always add permissions later if a role expands.

Enforcing Two-Factor Authentication

Two-factor authentication (2FA) adds a critical security layer to staff accounts. Even if a password is compromised, the attacker cannot access the account without the second factor.

How it works: After entering their password, the staff member must provide a second verification — typically a code from an authenticator app (like Google Authenticator or Authy) or a hardware security key. This ensures that knowing the password alone is not sufficient for access.

Enabling 2FA for staff: Shopify allows the store owner to require 2FA for all staff accounts. Go to Settings > Users and permissions and enable the option to require 2FA. Once enabled, all staff members must set up 2FA on their next login.

Individual setup: Staff members can also enable 2FA on their own account without a store-wide requirement. Encourage or mandate that all team members activate 2FA immediately after accepting their staff account invitation.

Backup codes: When setting up 2FA, staff should save their backup codes in a secure location. These codes allow login if the authenticator app is unavailable (lost phone, factory reset). Without backup codes and without the authenticator, the staff member will be locked out and will need the store owner to reset their 2FA.

Auditing Staff Activity

Shopify maintains a timeline of actions taken in ...