Webshop permissions reference

Find the Unity roles required to administer Unity Webshops in the Dashboard or through the Admin API.

Unity Cloud roles control access to webshops. Use the dedicated webshop roles for least-privilege administration. Broader Unity Cloud user types, such as Owner, Manager, and User, also include webshop permissions through inheritance. This page lists the available roles, what each role grants, and which role each operation requires.

Dedicated webshop roles

The dedicated webshop roles are part of the Monetization role suite and apply at the project level. You can assign them to users and Service Accounts.

| Role | Webshop access | Permissions granted |
| --- | --- | --- |
| Webshop Viewer | Read-only access to a project's webshops and webshop configurations. | webshop.configs.get, webshop.configs.list |
| Webshop Editor | Full webshop administration, including creating, updating, deleting, publishing, unpublishing, generating themes, uploading branding, switching environments, and applying non-production drafts to production. | webshop.configs.get, webshop.configs.list, webshop.configs.create, webshop.configs.update, webshop.configs.delete, webshop.configs.publish, webshop.themes.generate |

For Service Accounts, use the dedicated roles when possible. They grant only the webshop permissions required for administration.

Roles that inherit webshop access

Standard user types include webshop permissions through their existing scopes. A team member who already has one of these roles can access webshops without an additional role.

| Role | Scope | Webshop access |
| --- | --- | --- |
| Owner | Organization | Full webshop administration, plus the broader organization-level permissions that the Owner role inherits. |
| Manager | Organization | Full webshop administration. |
| User | Project | Read-only access with webshop.configs.get, webshop.configs.list. |

Dashboard users often already have access through a role. Use the dedicated Webshop Viewer and Webshop Editor roles when you want to grant only webshop permissions without the broader privileges of a role. This is especially useful for Service Accounts that you use in automation.

Operations and required role

The following table lists each webshop operation, the dedicated role it requires, and the inheriting role that also grants it.

| Operation | Required role | Inheriting role |
| --- | --- | --- |
| List webshops | Webshop Viewer or higher | User, Manager, or Owner |
| Get a webshop's configuration | Webshop Viewer or higher | User, Manager, or Owner |
| Create a webshop | Webshop Editor | Manager or Owner |
| Update slug, name, or deep link target | Webshop Editor | Manager or Owner |
| Upload branding media (hero banner, thumbnail) | Webshop Editor | Manager or Owner |
| Upload reference screenshots for theme generation | Webshop Editor | Manager or Owner |
| Generate a theme with AI | Webshop Editor | Manager or Owner |
| Save a theme to a draft | Webshop Editor | Manager or Owner |
| Apply a non-production draft to production | Webshop Editor | Manager or Owner |
| Publish or unpublish a webshop | Webshop Editor | Manager or Owner |
| Delete a webshop | Webshop Editor | Manager or Owner |

Service Accounts

Assign Service Account roles in the Service Accounts section of the Unity Dashboard. Use Webshop Editor for full Admin API access, or Webshop Viewer for read-only programmatic access. The Admin API also requires the Unity Environments Viewer role to resolve environment IDs. Without this role, environment-scoped requests fail with a 403 response.

For instructions on creating a Service Account, assigning roles, and generating a base64-encoded key, refer to the Service Account authentication guide.
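
An added example (not Unity's code and not part of the original page) that audits Service Account role assignments against the tables on this page: it flags accounts whose roles fall short of or exceed what their operations need, and accounts lacking Unity Environments Viewer. The account record shape, the finding strings, and the sample accounts are constructed for illustration; treating Manager and Owner as equal to the Webshop Editor permission set is an assumption.

```python
# Tables transcribed from this page; the account records are constructed samples.
VIEW = {"webshop.configs.get", "webshop.configs.list"}
EDIT = VIEW | {"webshop.configs.create", "webshop.configs.update",
               "webshop.configs.delete", "webshop.configs.publish",
               "webshop.themes.generate"}
# Assumption: "full webshop administration" (Manager, Owner) equals the Editor set.
ROLE_PERMS = {"Webshop Viewer": VIEW, "Webshop Editor": EDIT,
              "User": VIEW, "Manager": EDIT, "Owner": EDIT}
BROAD_ROLES = {"User", "Manager", "Owner"}
READ_OPS = {"List webshops", "Get a webshop's configuration"}
WRITE_OPS = {"Create a webshop", "Update slug, name, or deep link target",
             "Upload branding media (hero banner, thumbnail)",
             "Upload reference screenshots for theme generation",
             "Generate a theme with AI", "Save a theme to a draft",
             "Apply a non-production draft to production",
             "Publish or unpublish a webshop", "Delete a webshop"}
ENV_ROLE = "Unity Environments Viewer"

def audit(account):
    """Return sorted findings for one Service Account record (empty list = ok)."""
    ops, roles = set(account["operations"]), set(account["roles"])
    unknown = ops - READ_OPS - WRITE_OPS
    if unknown:
        raise ValueError(f"operations not in the page's table: {sorted(unknown)}")
    needed = "Webshop Editor" if ops & WRITE_OPS else "Webshop Viewer"
    granted = set().union(*(ROLE_PERMS.get(r, set()) for r in roles))
    findings = set()
    if not ROLE_PERMS[needed] <= granted:
        findings.add(f"insufficient: needs {needed}")
    elif needed == "Webshop Viewer" and granted > VIEW:
        findings.add("over-privileged: Webshop Viewer is enough")
    if roles & BROAD_ROLES:
        findings.add(f"broad-role: replace with {needed}")
    if ENV_ROLE not in roles:
        findings.add("missing-env-role: environment-scoped requests return 403")
    return sorted(findings)

SAMPLE_ACCOUNTS = [  # constructed input, not a Unity export format
    {"name": "ci-publisher", "roles": ["Webshop Editor", ENV_ROLE],
     "operations": ["Publish or unpublish a webshop"]},
    {"name": "config-exporter", "roles": ["Webshop Editor"],
     "operations": ["List webshops", "Get a webshop's configuration"]},
    {"name": "legacy-bot", "roles": ["Manager", ENV_ROLE],
     "operations": ["List webshops"]},
    {"name": "theme-job", "roles": ["Webshop Viewer", ENV_ROLE],
     "operations": ["Generate a theme with AI"]},
]

if __name__ == "__main__":
    for acct in SAMPLE_ACCOUNTS:
        print(acct["name"], audit(acct) or ["ok"])
```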

Dashboard access

Dashboard access uses the account permissions of the signed-in user, not Service Account roles. A team member with the Webshop Viewer role or any inheriting role such as User, Manager, or Owner can see the Webshop section and administer the webshop in the Dashboard according to their level of access.