If you’ve been working with us here at Renrah (you can if you aren’t yet) and we’ve asked you to grant “High Risk” permissions on your BigCommerce store, we totally get it if that name raised an eyebrow.
It sounds more dramatic than it is. I promise.
This is just a standard part of getting set up, and we promise it’s not as scary as it sounds. Here’s a quick breakdown of what these permissions actually do and how to turn them on.
What Are High Risk Permissions?
BigCommerce built High Risk permissions to make developer collaboration a lot smoother. Before this feature existed, agencies like Renrah often had to ask store owners for their actual login credentials just to install an app or set up an API connection. That’s a bad practice for everyone involved. High Risk permissions solve that by letting you hand off specific capabilities to a trusted user without sharing your account at all.
There are six individual permissions you can mix and match. Here’s the plain-English version of each one:
Create Store-Level API Accounts is the big one. This is how tools, custom integrations, and apps talk to your store’s data. Without it, we’d be knocking on your door every time a new integration needs to be set up.
List Store-Level API Accounts lets a user see what API connections are currently active on your store. Handy for keeping tabs on what’s hooked into your store and making sure nothing unexpected is running in the background.
Delete Store-Level API Accounts allows a user to remove API credentials. Worth being a little careful with this one since pulling an API account will immediately break whatever integration is using it. Only grant this to someone who knows the lay of the land.
Install Applications lets a user install apps from the BigCommerce App Marketplace on your store’s behalf. If we need to get a specific app running as part of your project, this is what makes that possible without pulling you away from your day.
Uninstall Applications is the other side of that coin. It allows a user to remove apps from your store. Same story as Delete API Accounts, just worth being intentional about who has this one.
Launch Applications lets a user open and interact with installed apps from the control panel. Generally the most low-key of the bunch, but often needed for apps that have their own dashboards we need to get into.
One Thing Before You Start: You Have to Be Logged in as the Store Owner
This part trips people up sometimes so it’s worth calling out. High Risk permissions can only be granted by the store’s Owner account. That’s the original account tied to the store when it was first created, not just any admin. If you’re signed in as a regular admin, you won’t even see the High Risk section on the page. Log in as the Owner first and then follow the steps below.
How to Grant High Risk Permissions Step by Step
Step 1: Log into your BigCommerce control panel as the store Owner.
Step 2: Go to Settings > Users.
Navigate to Settings from the bottom of the admin sidebar.
Step 3: Find the user you want to update, click the Action button on the right side of their row, and select Edit.
If you haven’t added your Renrah contact as a user yet, you’ll need to do that first by creating a new user with their email address. (If you don’t have a Renrah contact yet, drop us a line and we’ll get you set up)
Step 4: Scroll down to the “High-Risk Permissions” section.
It lives toward the bottom of the edit page, below the standard role and permission settings.
Step 5: Check the boxes for the permissions you want to grant, then save.
We’ll always tell you exactly which ones we need for your project. If you’re ever unsure about something, just ask before enabling it.
And that’s all there is to it. Once saved, your user will have access the next time they log in, and you never have to hand over your own credentials. That’s the whole point.
If you want to dig deeper, BigCommerce has a User Permissions support article that covers the technical side in more detail.