How to Restrict a WooCommerce Orders Table by WordPress Role

Updated July 2026 • 7 min read • By Fahad Murtaza

TableCrafter table builder, connect Gravity Forms, Google Sheets, Airtable, CSV, or JSON data sources
TableCrafter table builder, connect Gravity Forms, Google Sheets, Airtable, CSV, or JSON data sources

A single WooCommerce store typically needs at least three different views of order data: customers see only their own orders in read-only mode, shop managers see all orders and can edit status, and admins see everything including cost and margin columns. TableCrafter handles all three with separate table configurations and role-gated column visibility. This guide walks through each role configuration in full. WordPress powers 43% of all websites globally (W3Techs, July 2026), and TableCrafter bridges the gap between the data you collect and the tables your users need to see, no custom PHP, no dashboard access required for viewers. The free version on WordPress.org supports CSV, JSON, Google Sheets, and Excel. Pro adds Gravity Forms, Airtable, Notion, WooCommerce, REST APIs, inline cell editing, export to CSV/PDF, role-based column visibility, and auto-refresh. Every table embeds on any page with a [tablecrafter] shortcode or the native Gutenberg block. WooCommerce processes over 7 billion dollars in orders monthly across all installations (WooCommerce, 2024).

What Is the Three-Table Strategy?

The cleanest approach is to create three separate table configurations sharing the same WooCommerce Orders data source. Each config is tuned for one role's needs:

You then place the appropriate shortcode on the appropriate page, with each page restricted to the right role. Alternatively, you can use a single page and render all three shortcodes, TableCrafter's own role checks ensure each user sees only the table they have permission to view.

After completing this step, verify the result by viewing the page as a logged-out visitor in an incognito window. This confirms the table behaves correctly for public visitors rather than reflecting admin-level permissions that may hide configuration issues during initial setup. Check both the rendered output and the browser console for any JavaScript errors.

What Is Role 1: Customer, Read-Only, Own Orders Only?

Table Configuration

Create a new table: WooCommerce Orders, Customer View. Data source: WooCommerce: Orders.

Columns

Do not include cost price, margin, internal notes, billing phone, or any business-internal fields.

Filters

Add one hidden filter:

This filter is enforced server-side on every query. Customers cannot see other customers' orders regardless of what they do in the browser.

Access Settings

Shortcode

[tablecrafter id="5" search="true"]

Place on the My Account orders page or a standalone My Orders page.

The column mapping you define here is stored as a JSON configuration in the WordPress database. You can export this configuration using the TableCrafter export tool and import it to another table or another site. This is useful when replicating a table layout across multiple pages or when migrating a table to a staging environment for testing before going live.

What Is Role 2: Shop Manager, All Orders, Status Editable?

Table Configuration

Create a new table: WooCommerce Orders, Shop Manager. Data source: WooCommerce: Orders.

Columns

Do not include cost price or margin columns in this config. Shop managers should see the sale price the customer paid, not the cost the business paid for the product.

Filters

No current-user filter, shop managers see all orders.

Access Settings

Shortcode

[tablecrafter id="6" edit="true" filter="true" search="true" export="true"]

Place on a private page. Use WordPress's built-in page visibility (Password Protected or Private) or a membership plugin to add an additional layer of access control beyond TableCrafter's own role check.

What Is Role 3: Administrator, All Orders, All Columns?

Table Configuration

Create a new table: WooCommerce Orders, Admin. Data source: WooCommerce: Orders.

Columns

All columns from the Shop Manager config, plus:

Cost of goods fields: TableCrafter reads cost-of-goods data from the meta keys written by your cost tracking plugin. Common meta keys include _wc_cog_item_cost (WooCommerce Cost of Goods plugin) and _profit_margin. Add these as meta:_wc_cog_item_cost in the field mapper.

Bulk Actions

Enable Bulk Actions in the toolbar config for the admin table. Add these bulk actions:

Access Settings

Shortcode

[tablecrafter id="7" edit="true" filter="true" search="true" export="true"]

How Does Placing All Three Shortcodes Efficiently Work?

If you want a single page that adapts based on who is viewing it, you can place all three shortcodes on the same page. TableCrafter will render each table only if the current user meets its minimum role requirement. A customer visiting the page sees Table A only. A shop manager sees Tables A and B. An admin sees all three.

This approach works but can look odd, a shop manager would see both their management table and the customer orders table. The cleaner approach is to use three separate pages and redirect users to the appropriate page based on role using a plugin like Meow Login Redirects or a small filter in functions.php.

TableCrafter re-fetches this data on each page load by default. If your data source updates infrequently and your site has significant traffic, enable the built-in caching option in the table's Performance tab. This stores the fetched data for a configurable number of minutes and serves it from WordPress transients, reducing API calls to the source and improving page load time for visitors.

How Does Column-Level Role Gating Work?

For cases where the Shop Manager and Admin views differ only in a few columns, you can use a single table config with column-level role gating instead of two separate configs:

In the column settings for a sensitive column (e.g., line_item_cost), set Minimum role to view this column to Administrator. Shop managers will see all other columns but not this one. The column does not appear in the table HTML at all for shop managers, it is not hidden by CSS.

Column-level role gating reduces the number of table configs to maintain but makes the single config more complex. For three clearly distinct views, separate configs are easier to reason about and audit.

The configuration you set here applies to every visitor who loads a page containing this table, regardless of whether they are logged in. Role-specific overrides for columns and rows are a separate layer and do not replace these global display settings. Apply global settings first, then add role restrictions as needed for tables that serve multiple user types.

How Does Security Considerations Work?

Testing the role config: Use WordPress's "Switch to User" feature (available via the User Switching plugin) to test each role's experience without logging out. Visit the pages as each role and confirm that each user sees exactly the right data and controls.

What Is Summary: Three-Role Configuration at a Glance?

Each WooCommerce role gets a separate TableCrafter table configuration with different column sets, row visibility scopes, and shortcode attributes. This table summarizes the setup described throughout this guide:

Each configuration is independent: changing the column set on the administrator table does not affect the customer table. You can also share the same underlying data source across all three configurations, which means any change to order data is reflected immediately in all three table views without any synchronization step.

Frequently Asked Questions

What Is the Three-Table Strategy?

The cleanest approach is to create three separate table configurations sharing the same WooCommerce Orders data source. Each config is tuned for one role's needs:

What Is TableCrafter?

TableCrafter is a WordPress plugin that turns data from Gravity Forms, Google Sheets, Airtable, Notion, REST APIs, CSV files, and WooCommerce into interactive, sortable, filterable frontend tables. Embed any table on any WordPress page with the [tablecrafter] shortcode or the native Gutenberg block. No PHP or custom development required. The free version supports CSV, JSON, Google Sheets, and Excel. Pro adds Gravity Forms, Airtable, Notion, WooCommerce, REST APIs, inline cell editing, export to CSV and PDF, role-based column visibility, and auto-refresh.

Does this require PHP or developer skills?

No. TableCrafter is configured entirely through the WordPress admin interface. You choose your data source, map fields to columns, and set display preferences using point-and-click controls. Embedding uses the [tablecrafter] shortcode or the native Gutenberg block.

Is the free version sufficient or do I need Pro?

The free plugin on WordPress.org supports CSV, JSON, Google Sheets, and Excel sources with unlimited tables, rows, and columns. Pro adds Gravity Forms, Airtable, Notion, WooCommerce, REST API sources, inline cell editing, bulk row actions, export to CSV and PDF, role-based column visibility, and auto-refresh every N seconds.

Ready to try it?

TableCrafter is free on WordPress.org. Pro unlocks inline editing, role-based permissions, and advanced data sources.

This configuration is saved to the WordPress database immediately. There is no draft or preview state for table settings — once you click Save, the change goes live on every page where this table is embedded via shortcode or block.

This step completes the connection between your data source and the TableCrafter table engine. Once saved, the plugin caches the connection credentials in the WordPress options table and uses them on every subsequent page load. If you update the source configuration later — for example, rotating an API key or changing a sheet URL — return to this step, enter the new value, and save again. The table updates immediately on next load without any shortcode changes.