Hide customer information from sales staff

[sttaq]

I want to hide sensitive customer information from a group of employees eg sales staff. The staff should not be able to view customer email, phone number and payment details. While these restriction apply, they should be able to take orders, add new customers, add addresses and also be able to search customers if customers tell them their personal information for example email, customer id etc over a phone call.

 

I would appreciate if someone can tell me how this can be achieved?

[sttaq]

I have tried to remove "View" permissions for the sales staff but removing this also removes their right to Add, Edit or Delete customers from the "Create new order" page in the back office. This is happening despite the fact that all the other three options are ticked. I thought removing "View" would have removed only "View" rights but it's not how PrestaShop works.

 

Can somebody tell me which file I need to look at in order to allow "Add" new customer rights when I have disallowed "View" rights?

 

Thanks in advance

[stottycabanas]

That doesn't sound logical - unless staff can add data with their eyes closed. 

How will your sales staff be able to take orders without payment details or contact customers if they have no access to their email or phone numbers?  By sending a letter to their physical address?

The customer's address should also be classed as personal data, by the way.

Cheers, Dave

[sttaq]

This is same as when someone takes your credit card details over phone and enter it in their system. Once saved they will not be able to view your card detail. They are only able to see the last digits.

 

In our case staff can only contact customers if the customer contacts the inbound call center or through the messaging system available with each order i.e. to update about the orders. I am not bothered about customer address but if it can be protected then that's a plus.

 

I am aware that the customer information will still appear on delivery and invoice slips. But this is a lesser problem for following reasons:

 

1. It is easier to copy and paste from a browser. It is more difficult to search for a customer and then view order details and then open a pdf to view details. Currently PrestaShop lists customers email along with their names. This can be easily copy pasted.

2. Access to invoice and delivery slips can be restricted thanks to PrestaShop.

 

I hope there is someone else other than myself who feels protecting their customers privacy from sales staff is logical and critical. Plus we don't want the sales staff to sell leads to competitors! (PS: we also don't want to spy on our staff's activities)

Edited January 20, 2014 by sttaq (see edit history)

[trevorgilligan]

thanks @sttaq and @stottycabanas looking for the same info. even if you can tell what code to change would be grateful thanks

[trevorgilligan]

found it if you go into admin / themes / default / template / controllers / orders / helpers / view / view.tpl in here you can search for the text "view full details" and comment or delete it out. or account info etc. so employees only see addresses and names. hope that helps