Webshop permissions reference
Find the Unity roles required to administer Unity Webshops in the Dashboard or through the Admin API.
Read time 2 minutesLast updated a day ago
Unity Cloud roles control access to webshops. Use the dedicated webshop roles for least-privilege administration. Broader Unity Cloud user types, such as Owner, Manager, and User, also include webshop permissions through inheritance. This page lists the available roles, what each role grants, and which role each operation requires.
Dedicated webshop roles
The dedicated webshop roles are part of the Monetization role suite and apply at the project level. You can assign them to users and Service Accounts.Role | Webshop access | Permissions granted |
|---|---|---|
| Webshop Viewer | Read-only access to a project's webshops and webshop configurations. | |
| Webshop Editor | Full webshop administration, including creating, updating, deleting, publishing, unpublishing, generating themes, uploading branding, switching environments, and applying non-production drafts to production. | |
Roles that inherit webshop access
Standard user types include webshop permissions through their existing scopes. A team member who already has one of these roles can access webshops without an additional role.Role | Scope | Webshop access |
|---|---|---|
| Owner | Organization | Full webshop administration, plus the broader organization-level permissions that the Owner role inherits. |
| Manager | Organization | Full webshop administration. |
| User | Project | Read-only access with |
Operations and required role
The following table lists each webshop operation, the dedicated role it requires, and the inheriting role that also grants it.Operation | Required role | Inheriting role |
|---|---|---|
| List webshops | Webshop Viewer or higher | User, Manager, or Owner |
| Get a webshop's configuration | Webshop Viewer or higher | User, Manager, or Owner |
| Create a webshop | Webshop Editor | Manager or Owner |
| Update slug, name, or deep link target | Webshop Editor | Manager or Owner |
| Upload branding media (hero banner, thumbnail) | Webshop Editor | Manager or Owner |
| Upload reference screenshots for theme generation | Webshop Editor | Manager or Owner |
| Generate a theme with AI | Webshop Editor | Manager or Owner |
| Save a theme to a draft | Webshop Editor | Manager or Owner |
| Apply a non-production draft to production | Webshop Editor | Manager or Owner |
| Publish or unpublish a webshop | Webshop Editor | Manager or Owner |
| Delete a webshop | Webshop Editor | Manager or Owner |
Service Accounts
Assign Service Account roles in the Service Accounts section of the Unity Dashboard. Use Webshop Editor for full Admin API access, or Webshop Viewer for read-only programmatic access. The Admin API also requires the Unity Environments Viewer role to resolve environment IDs. Without this role, environment-scoped requests fail with a403