Claude-code-plugins-plus-skills shopify-enterprise-rbac

install
source · Clone the upstream repo
git clone https://github.com/jeremylongshore/claude-code-plugins-plus-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/jeremylongshore/claude-code-plugins-plus-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/saas-packs/shopify-pack/skills/shopify-enterprise-rbac" ~/.claude/skills/jeremylongshore-claude-code-plugins-plus-skills-shopify-enterprise-rbac && rm -rf "$T"
manifest: plugins/saas-packs/shopify-pack/skills/shopify-enterprise-rbac/SKILL.md
source content

Shopify Enterprise RBAC

Overview

Implement role-based access control for Shopify Plus apps using Shopify's staff member permissions, multi-location features, and Organization-level access.

Prerequisites

  • Shopify Plus store (for Organization features)
  • Understanding of Shopify's staff permission model
  • `read_users` scope for querying staff permissions

Instructions

Step 1: Query Staff Permissions and Map to App Roles

Query staff members via GraphQL to get their access scopes, then map those scopes to app-level roles (admin, manager, fulfillment, viewer). Staff permissions mirror app scopes like `read_products`, `write_orders`, etc.

See Staff Query and Role Mapping for the complete GraphQL query, role definitions, and matching logic.

Step 2: Permission Middleware and Multi-Location Access

In embedded apps, use online access tokens to get per-staff permissions from `session.onlineAccessInfo`. For Shopify Plus stores with multiple locations, restrict fulfillment and inventory operations to authorized locations per user.

See Permission Middleware and Location Access for Remix loader examples and location access control.

Step 3: Organization API and Audit Trail

Shopify Plus Organization API enables multi-store management with organization-level, store-level admin, and store-level staff roles. Log all access decisions (allowed and denied) for compliance auditing.

See Organization API and Audit Trail for the Organization query and audit implementation.
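The three steps above (scope-to-role mapping, a permission check that also enforces per-location access, and an audit record for every allow or deny) as one added example. This is not the skill's own reference code and uses no Shopify SDK: the session shape only mirrors the `onlineAccessInfo` fields that `@shopify/shopify-api` attaches to an online-access session, and the role rules, the app-managed user-to-location map, the `authorize()` API and the in-memory audit sink are assumptions chosen to illustrate the pattern. The fixtures at the bottom are constructed, not real store data.

```typescript
// Added example, not the skill's own reference code. Pure TypeScript with no Shopify
// SDK dependency: the session shape mirrors the onlineAccessInfo that
// @shopify/shopify-api attaches to online-access sessions; role rules, the
// location model and the audit sink are assumptions made for illustration.

export type Role = "admin" | "manager" | "fulfillment" | "viewer";
export type Action = "manage_products" | "manage_orders" | "fulfill" | "adjust_inventory" | "view";

// Only the session fields this example reads.
export interface SessionLike {
  shop: string;
  onlineAccessInfo?: {
    associated_user_scope: string; // comma-separated scopes the staff member actually holds
    associated_user: { id: number; email: string; account_owner: boolean };
  };
}

// Assumed role rules: a role requires every listed scope; first match wins, viewer is the floor.
const ROLE_REQUIREMENTS: Array<[Role, string[]]> = [
  ["admin", ["write_products", "write_orders", "write_inventory", "write_fulfillments", "read_users"]],
  ["manager", ["write_products", "write_orders"]],
  ["fulfillment", ["read_orders", "write_fulfillments", "read_inventory"]],
  ["viewer", []],
];

const ROLE_ACTIONS: Record<Role, Action[]> = {
  admin: ["manage_products", "manage_orders", "fulfill", "adjust_inventory", "view"],
  manager: ["manage_products", "manage_orders", "view"],
  fulfillment: ["fulfill", "view"],
  viewer: ["view"],
};

// Actions bound to a location; these also require the location to still be active.
const LOCATION_SCOPED: ReadonlyArray<Action> = ["fulfill", "adjust_inventory"];

export function parseScopes(raw: string | undefined): Set<string> {
  return new Set((raw ?? "").split(",").map((s) => s.trim()).filter(Boolean));
}

export function determineRole(scopes: Set<string>, accountOwner = false): Role {
  if (accountOwner) return "admin"; // the store owner holds every permission
  for (const [role, required] of ROLE_REQUIREMENTS) {
    if (required.every((s) => scopes.has(s))) return role;
  }
  return "viewer";
}

export function canPerformAction(role: Role, action: Action): boolean {
  return ROLE_ACTIONS[role].includes(action);
}

export interface AuditEntry {
  shop: string; userId: number | null; action: Action; locationId?: string;
  allowed: boolean; reason: string; at: string;
}
// In-memory audit sink for the example; a real app writes to durable, append-only storage.
export const auditLog: AuditEntry[] = [];

export interface AuthzInput {
  session: SessionLike;
  action: Action;
  locationId?: string;
  userLocations?: Record<number, string[]>; // staff id -> location ids the app allows (app-managed)
  activeLocations?: string[];               // ids from a locations query, already filtered to active
}

export interface Decision { allowed: boolean; reason: string; role?: Role }

// Every path, allowed or denied, is recorded before returning.
export function authorize(input: AuthzInput): Decision {
  const { session, action, locationId } = input;
  const info = session.onlineAccessInfo;
  const record = (allowed: boolean, reason: string, role?: Role): Decision => {
    auditLog.push({ shop: session.shop, userId: info?.associated_user.id ?? null,
      action, locationId, allowed, reason, at: new Date().toISOString() });
    return { allowed, reason, role };
  };
  if (!info) return record(false, "no onlineAccessInfo (offline token)");
  const role = determineRole(parseScopes(info.associated_user_scope), info.associated_user.account_owner);
  if (!canPerformAction(role, action)) return record(false, `role ${role} may not ${action}`, role);
  if (LOCATION_SCOPED.includes(action)) {
    if (!locationId) return record(false, "location required", role);
    if (!(input.activeLocations ?? []).includes(locationId)) return record(false, "location not found or deactivated", role);
    const allowedAt = input.userLocations?.[info.associated_user.id] ?? [];
    if (role !== "admin" && !allowedAt.includes(locationId)) return record(false, "location not authorized for user", role); // assumed: admins span all locations
  }
  return record(true, "ok", role);
}

// Constructed fixtures for stand-alone use; not real store data.
export const fixtures = {
  offline: { shop: "example.myshopify.com" } as SessionLike,
  picker: {
    shop: "example.myshopify.com",
    onlineAccessInfo: {
      associated_user_scope: "read_orders,write_fulfillments,read_inventory",
      associated_user: { id: 7, email: "picker@example.com", account_owner: false },
    },
  } as SessionLike,
  activeLocations: ["gid://shopify/Location/1", "gid://shopify/Location/2"],
  userLocations: { 7: ["gid://shopify/Location/1"] } as Record<number, string[]>,
};
```

Two design points worth noting. A session without `onlineAccessInfo` (an offline token) is denied rather than treated as an empty scope list, so a misconfigured route fails closed and the denial shows up in the audit log. The active-location check runs before the user-location check so that a deactivated location is reported as "not found" for everyone, which matches the Error Handling row for that case; the user-to-location map is app state, since Shopify's staff permissions do not carry per-location grants in the session.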

Output

  • Staff permissions queried and mapped to app roles
  • Permission middleware protecting embedded app routes
  • Multi-location access control for Shopify Plus
  • Audit trail for all access decisions

Error Handling

| Issue | Cause | Solution |
|---|---|---|
| No `onlineAccessInfo` | Using offline token | Use online access tokens for per-user permissions |
| Staff can't access feature | Merchant restricted their permissions | Staff must request access from store owner |
| Organization API 403 | Not on Shopify Plus | Organization features require Plus plan |
| Location not found | Location deactivated | Query active locations before operations |

Examples

Quick Permission Check in Remix

```typescript
// Remix action with permission guard
import { json, type ActionFunctionArgs } from "@remix-run/node";
import { authenticate } from "../shopify.server"; // path as in the Shopify Remix app template
import { determineRole, canPerformAction } from "../rbac.server"; // helpers from the Staff Query and Role Mapping reference; module path assumed

export async function action({ request }: ActionFunctionArgs) {
  // authenticate.admin() resolves the embedded-app session; onlineAccessInfo is present only for online tokens
  const { admin, session } = await authenticate.admin(request);

  // associated_user_scope is a comma-separated list of the staff member's granted scopes;
  // with an offline token it is absent, so the role falls back to the least-privileged one
  const role = determineRole(
    session.onlineAccessInfo?.associated_user_scope?.split(",") || []
  );

  if (!canPerformAction(role, "manage_products")) {
    return json({ error: "Insufficient permissions" }, { status: 403 });
  }

  // ... perform the action
}
```

Resources