Right now B2B company locations only have two roles:
- Ordering only: place orders, see only your own orders.
- Location admin: place orders, see all orders for the location, and edit the location’s shipping/billing addresses.
The problem is that “see all orders for the location” and “edit the location address” are bundled into the same role. If we want a buyer to have full order visibility, we’re forced to also let them change the location’s addresses.
We really don’t want buyers changing location addresses at all. Our client’s ERPs are the source of truth for each location’s shipping and billing address, and when a Location admin edits it from their account, it silently diverges from the ERP record. That breaks fulfillment and integration logic that assumes the two stay in sync, which leads to misrouted shipments and reconciliation headaches.
It’d be great if these permissions were decoupled so we could grant order visibility without address editing. Ideally, custom roles where you can assign individual capabilities per contact would be even better.
This is closely related to another request we filed around locking down self-service profile edits: Disable Customer self-service email address updates. Same underlying theme: buyers being able to self-edit data that an external system of record owns.