Multi-Store, Four-Role User Management Scenario on Joomla 5

Hello,I’m building a multi‑store Joomla 5 site that needs four distinct user roles within each store:

1. Owner
2. Administrator
3. Escalated
4. Basic

Store & Role Requirements

• Each store has exactly one Owner, who cannot be removed from that store (except by me, the site’s super admin).
• ​​​​​​​Owner and Administrator share the same functional privileges (they can add/remove store users, rename the store, view financial data, etc.). The only difference is that the Owner cannot be removed from the store, whereas an Administrator can be removed by an Owner (or possibly another Admin).
• Escalated users can see sensitive information—like financial records, inventory coordination requests, and internal news—but cannot manage user accounts or rename the store.
• Basic is the lowest role: no user management, no financial data. They can see general items like store news, benefits, and possibly place inventory requests.

Multi-Store Two-Level Structure

• I (the site owner) am the top-level super admin.
• Each store’s Owner (and possibly Admins) manage the internal users of their store from the frontend only.
• No store admin should see or manage users from other stores.
• ​​​​​​​When a store admin creates a new user (e.g., Basic or Escalated), that user should automatically be assigned to the correct store’s user group, without forcing the admin to pick from all groups in a drop-down list.

Goal With Community Builder

1. Frontend User Management: We don’t want store admins in the Joomla backend. We need a CB list or menu item that shows each admin only their store’s users.
2. ​​​​​​​Automatic Group Assignment: Possibly using CB Auto Actions to detect which store admin created a user, then auto-assign that new user to the relevant “store user” group and the correct role (e.g., Basic or Escalated).
3. Role Distinctions: We’d like to enforce or replicate the logic that an Owner can’t be removed from the store, while Administrators can, etc. We realize that might be partially a policy decision, but if CB can help lock that down, that’s great.
4. Additional Plugins?: Are there other paid CB add-ons (besides CB Auto Actions) that I’d need for advanced conditional fields, multi-role assignments, or to ensure each store admin can only see/edit their own store’s data?

My Questions

1. Is this four-role setup (Owner, Admin, Escalated, Basic) with strict store isolation fully achievable using Community Builder on Joomla 5?
2. Do I only need CB Auto Actions (for automatic group assignment) or are there additional plugins you recommend?
3. How could I best handle the “Owner cannot be removed” rule? Should I rely on a manual policy, or is there a CB feature to prevent certain group/role changes for the Owner?
4. ​​​​​​​Thank you for your help! I look forward to your guidance on the best way to configure CB for our multi‑store, multi‑role user management needs.

Best regards,RanD

I assume you already have the store handled with something like HikaShop or Shopify as both have multi-vendor plugins? We don't provide a storefront. We only provide subscription management using CB Paid Subscriptions. Implementation may be impacted based off whatever storefront you're using.

Is this four-role setup (Owner, Admin, Escalated, Basic) with strict store isolation fully achievable using Community Builder on Joomla 5?

To a degree, yes. We don't have functionality for assigning a user to another user exactly, but CB Moderators cannot editor users above or adjacent to them in a user group hierarchy. Example as follows.

Public
- Registered
- - Admin
- - - Owner

With the above Owner can edit Admin and Registered. Admin can edit Registered, but cannot edit Owner. This however only applies to profile data and not other content (e.g. CB Activity, CB Gallery, etc..). In the above case Admin and Owner would have CB Moderator permissions. In order to do user to user assignment you can implement that with CB Auto Actions as you'll be able to redirect away from edit operations they're not permitted to have.

Backend utilizes Joomla permission system so you'll be able to use that to adjust what backend features each usergroup has access to.

Do I only need CB Auto Actions (for automatic group assignment) or are there additional plugins you recommend?

As it stands it seams like that's all you'd need.

How could I best handle the “Owner cannot be removed” rule? Should I rely on a manual policy, or is there a CB feature to prevent certain group/role changes for the Owner?

You can block user deletes with CB Auto Actions.

Hi Krileon,Thank you for your detailed reply regarding our multi‑store user management scenario.To clarify, we are not using a storefront solution like HikaShop or Shopify. Our goal is to build an intranet portal where each store has its own access area. Our primary requirement is to manage subscriptions and user profiles, so that each store operates independently with strict user isolation.Our Requirements Recap:

1. Store-Specific Roles:
   • Owner: Full control over the store (cannot be removed except by a Super Admin).
   • Administrator: Can manage users (add/edit/remove) except for Owners.
   • Escalated: Can view sensitive information (financials, inventory requests, etc.) but cannot manage users.
   • Basic: Limited access; cannot view financials or manage store settings.
2. Store Isolation:
   • Each store’s admin and users must only see and manage data for their own store, with no cross-store visibility.
3. Frontend User Management:
   • We want store admins to manage users exclusively through the intranet portal (frontend) without accessing Joomla’s backend.
   • The plan is to utilize a hierarchical user group structure (e.g., Public > Registered > Admin > Owner) with CB Moderator permissions so that, for instance, an admin can only edit users below them (e.g., Registered) but not Owners.
4. Automatic Group Assignment & Protection:
   • We need new users, when created by a store admin, to be automatically assigned to the appropriate store user group using CB Auto Actions.
   • Additionally, we want to block deletion of Owner accounts via CB Auto Actions.

Follow-Up Questions:

1. With a hierarchical structure like:
   • Public
     └ Registered
     └ Admin
     └ Owner
     – can you confirm that a CB Moderator in the Admin group will only be able to edit Registered users (and not Owners), at least for profile data?
2. For user-to-user assignment:
   • Could you provide more details or examples on how CB Auto Actions can be configured to redirect or block edit operations when a store admin attempts to modify users above or adjacent to them in the hierarchy?
3. Regarding the protection of the Owner role:
   • How does the “block user deletes” functionality work in CB Auto Actions? Will this completely prevent non‑Super Admins from deleting an Owner account?
4. Are there any limitations or considerations with this approach regarding non‑profile content (such as CB Activity or Gallery) that we should be aware of?
5. Lastly, do you have any best practices or recommendations for configuring this hierarchical structure and ensuring strict store isolation for our intranet portal using Community Builder on Joomla 5?

I appreciate your assistance and look forward to your guidance on these points so that we can move forward confidently with our intranet portal implementation.Best regards,

Is this a single business that oversees multiple stores? In that case mixing data in a single install is fine. If each store is an independent business you're unlikely to do this on Joomla as you'd violate some data laws not keeping data isolated. Community Builder works amazingly well for intranets, but adding multi-site into it might be a problem.

Each store’s admin and users must only see and manage data for their own store, with no cross-store visibility.

Joomla really doesn't have any functionality for that. If you need data isolation then each store should be its own Joomla install. I would just do that as subdomains for your intranet.

We want store admins to manage users exclusively through the intranet portal (frontend) without accessing Joomla’s backend.

Frontend user editing is fully functional. User creation however would require a custom form utilizing CBs API or logging out and using registration. Frontend user creation while logged in will be something added in CB 3.x.

We need new users, when created by a store admin, to be automatically assigned to the appropriate store user group using CB Auto Actions.

You'd need a means of identifying users to specific stores (e.g. store number) or your custom frontend form for creating users should ideally handle that. Something like RSForms for example.

Additionally, we want to block deletion of Owner accounts via CB Auto Actions.

There is no frontend user deletion. CB is designed with Joomla backend usage in mind. You should ideally use permissions to restrict what owners have access to in backend, but that'd be a problem for multi-site. So for frontend to have user deletion you'd need a custom implementation and that could then be restricted.

can you confirm that a CB Moderator in the Admin group will only be able to edit Registered users (and not Owners), at least for profile data?

You'd need the following structure for that.

Public
- Registered
- - Admin
- - - Owner

Could you provide more details or examples on how CB Auto Actions can be configured to redirect or block edit operations when a store admin attempts to modify users above or adjacent to them in the hierarchy?

I'm not sure what example you're looking for. It's doable by acting on the appropriate trigger. I cannot provide you with an exact example without an active subscription.

How does the “block user deletes” functionality work in CB Auto Actions? Will this completely prevent non‑Super Admins from deleting an Owner account?

It blocks access by redirecting away and interrupting the process. It can prevent whomever you want from editing or deleting whomever you want as you can define the conditions.

Are there any limitations or considerations with this approach regarding non‑profile content (such as CB Activity or Gallery) that we should be aware of?

Yes, there's no access hierarchical access checks for content other than profile edits. So if they've CB Moderator permissions they can freely modify all other content. However you maybe able to avoid making them CB Moderators entirely. We do have a trigger for our permissions check that CB Auto Actions can extend and that can be used to grant profile edit permissions to whomever you like. So there are alternative solutions available.

Lastly, do you have any best practices or recommendations for configuring this hierarchical structure and ensuring strict store isolation for our intranet portal using Community Builder on Joomla 5?

I've never configured a multi-site or multi-tenant intranet with Joomla before so beyond the above I don't have much to recommend. If each store were its own Joomla site your configurations would be substantially easier, but would of course require additional maintenance maintaining multiple sites.