We had an issue where we could not set the permissions on the Ecommerce admin menu correctly (see https://doc.dynamicweb.com/forum/cms-standard-features/cms-standard-features/issue-with-setting-permissions-for-back-end-users ), this was solved in 9.7.0. and tested successfully.
During the development traject of the website we upgraded again to 9.7.1 and did not recheck the permission model till today, sadly after the site went live, we got the message of our customer that it was not working correctly.
With "Read" permissions on Ecommerce, and the subitems ProductCatalog and Orders, and then "Edit" permissions on 1 of the 2 shops, and "None" on the other shop, when we log in with on of the accounts in those permission groups we can use the Ecommece menu item, but the only thing we see is the Dashboard. The shop dropdown seems correct, only the shop with access is shown, but the Productcatalog and Orders nodes are gone.
We tried if updating Dynamicweb security to 8.5 (from the current 8.4.2) would help, but this did not change anything. We also tried to downgrade the security package to 8.4.0 (the 9.7.0 version), this was sadly not possible without downgrading the admin to 9.7.0 too, which seemed to big a big risk for us at this moment.
Can you let us know if the permission setting must be set in an other way, or if a new bug has crept into the permissions.
Attached screenshots of the permissions on Ecommerce, ProductCatalog and Orders and the warmgarant shop under those 2 nodes, and the result for a user in the "Warmgarant contentmanagers" group.
N.B. the customer discoverd that clicking on an order in the dashboard, and then closing that gives the list of orders of the shop where they have access to, sadly the widget shows also the orders of the shop they should not have access to. I suppose that we will have to make a custom version of the latest orders widget to fix this.