Managing Admin Users in Self-Hosted Adobe Commerce: A Guide for On-Premises Environments
When running a self-hosted Adobe Commerce (formerly Magento) instance on-premises, you maintain full control over your environment. Still, this autonomy means that if you lose access to the administrative back office or need to create a new administrator without Adobe’s intervention, you cannot rely on external support to “reset” your access. Given that Adobe does not have access to your private server, the responsibility for user management falls entirely on your internal system administrators.
This guide explains how to create and update admin users via the Command Line Interface (CLI), ensuring your team maintains seamless access to the store’s password-protected back office.
- Full Autonomy: On-premises environments require local administration; Adobe cannot remotely access your server to manage users.
- CLI Priority: The Command Line Interface is the primary tool for creating users when the Admin panel is inaccessible.
- Role-Based Access: Apply the System menu within the Admin panel to refine permissions once access is restored.
- Security First: Always use strong passwords and limit the number of users with full administrative privileges.
Creating a New Admin User via CLI
If you are locked out of the Admin panel or need to add a user without using the graphical interface, the bin/magento command-line tool is the most efficient method. This requires SSH access to the server where Adobe Commerce is installed.
The Creation Process
To create a new administrator, execute the following command from the root directory of your Adobe Commerce installation:
php bin/magento admin:user:create --admin-user="username" --admin-password="password" --admin-email="email@example.com" --admin-firstname="First Name" --admin-lastname="Last Name"Breakdown of Parameters:
- –admin-user: The unique username the admin will use to log in.
- –admin-password: A secure password. Ensure this meets your organization’s complexity requirements.
- –admin-email: The email address associated with the account for notifications and recovery.
- –admin-firstname/lastname: The legal name of the user for auditing and identification purposes.
Once the command executes successfully, the user is created with full administrative permissions by default, allowing you to log back into the Adobe Commerce Admin.
Updating Existing Admin Users
Updating user details depends on whether you currently have access to the Admin panel.
Via the Admin Panel
Once you have regained access, the most intuitive way to manage users is through the System menu. This area provides centralized tools for user account and permissions management, allowing you to modify roles, change passwords, or deactivate accounts that are no longer needed.
Via the Command Line
If you need to update a password via the CLI because a user is locked out, you can use the following command:
php bin/magento admin:user:password:set --username="username" --password="new_password"Managing Permissions and Roles
Creating a user is only the first step; securing the environment requires strict adherence to the principle of least privilege. Adobe Commerce allows you to define specific roles to ensure users only access the tools necessary for their job function.
Defining User Roles
Within the Admin panel, you can create custom roles that restrict access to specific modules. For example:
- Merchandisers: Access to product management and promotions, but no access to system configuration.
- Order Managers: Access to order processing and shipping, but no access to marketing tools.
- System Admins: Full access to the System menu, including backups and data transfer tools.
Properly configured roles prevent accidental changes to core system settings and reduce the risk of internal security breaches.
Troubleshooting Common Access Issues
If you’ve created a user but still cannot log in, consider these common technical hurdles:
- Cache Issues: Adobe Commerce relies heavily on caching. After creating a user via CLI, it’s a best practice to flush the cache using
php bin/magento cache:flush. - Incorrect Admin URL: Ensure you are using the correct, password-protected back-office URL. If the URL was changed for security reasons, you can find or reset it via the CLI.
- Permission Conflicts: If a user can log in but cannot see specific menus, verify their assigned role in the System menu.
Frequently Asked Questions
Why can’t Adobe just reset my password for me?
In a self-hosted on-premises deployment, your data and server reside on your own hardware or private cloud. For security and privacy reasons, Adobe does not have a “backdoor” or remote access to your environment. All administrative changes must be performed by your local system administrator.
Is there a way to manage users without SSH access?
No. If you are locked out of the Admin panel and do not have SSH access to the server, you will need to contact your hosting provider or internal IT department to gain terminal access. The CLI is the only way to bypass the Admin panel’s authentication.
Can I import multiple admin users at once?
Yes. Adobe Commerce provides data transfer tools within the System menu that allow for the import and export of multiple records. Although admin users are typically created individually for security, the import tools can be used for broader data management.
Final Strategy for Secure Admin Management
Maintaining a self-hosted environment requires a proactive approach to access management. To avoid emergency lockouts, always ensure at least two trusted administrators have SSH access to the server. Regularly audit your user list via the System menu to remove former employees and rotate passwords every 90 days.
By leveraging the CLI for emergency access and the Admin panel for granular permission control, you can maintain a secure, agile, and fully autonomous commerce operation.