diff --git a/docs/administration/recent_activity/recent_activity.md b/docs/administration/recent_activity/recent_activity.md
index 02e3dcd0e5..49edb242da 100644
--- a/docs/administration/recent_activity/recent_activity.md
+++ b/docs/administration/recent_activity/recent_activity.md
@@ -43,7 +43,7 @@ For every exact hour, the cronjob line is:
## Permission and security
The [`activity_log/read`](policies.md#activity-log) policy gives a role the access to the **Admin** -> **Activity list**, the dashboard's **Recent activity** block, and the user profile's **Recent activity**.
-It can be limited to "Only own logs" ([`ActivityLogOwner`](limitation_reference.md#activitylogowner-limitation)).
+It can be limited to "Only own logs" ([`ActivityLogOwner`](limitation_reference.md#activity-log-owner-limitation)).
The policy should be given to every roles having access to the back office, at least with the `ActivityLogOwner` owner limitation, to allow them to use the "Recent activity" block in the [default dashboard](configure_default_dashboard.md) or their [custom dashboard](customize_dashboard.md).
This policy is required to view [activity log in user profile]([[= user_doc =]]/getting_started/get_started/#view-and-edit-user-profile), if [profile is enabled](update_from_4.5.md#user-profile).
diff --git a/docs/permissions/limitation_reference.md b/docs/permissions/limitation_reference.md
index 40bcc538fa..cc05ab5c96 100644
--- a/docs/permissions/limitation_reference.md
+++ b/docs/permissions/limitation_reference.md
@@ -33,17 +33,17 @@ Out of the box FunctionList uses it in the following way:
- {name: ibexa.permissions.limitation_type, alias: FunctionList}
```
-## ActivityLogOwner limitation
+## Activity log Owner limitation
-The `ActivityLogOwner` limitation specifies if a user can see only their own [recent activity](recent_activity.md) log entries, and not entries from other users.
+The Activity log Owner (`ActivityLogOwner`) limitation specifies if a user can see only their own [recent activity](recent_activity.md) log entries, and not entries from other users.
| Value | UI value | Description |
|-------|-----------------|--------------------------------------------------------------|
| `1` | "Only own logs" | Current user can only access their own activity log entries. |
-## CartOwner limitation
+## Cart Owner limitation
-The `CartOwner` limitation specifies whether the user can modify a cart.
+The Cart Owner (`CartOwner`) limitation specifies whether the user can modify a cart.
### Possible values
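Review bot: renaming the headings `## ActivityLogOwner limitation` and `## CartOwner limitation` changes their generated anchors, so any link to `#activitylogowner-limitation` or `#cartowner-limitation` that this patch does not touch will stop resolving. The patch updates recent_activity.md and policies.md; search the rest of the docs for the old fragments before merging. Also, the new heading "Activity log Owner limitation" keeps a lowercase "log" while "Cart Owner" and "Discount Owner" capitalise each word; settle on one casing now, since it also determines the anchor.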
@@ -62,6 +62,16 @@ The Change Owner (`ChangeOwner`) limitation specifies whether the user can chang
|------|------|------|
|`1`|"Forbid"|The user cannot change owner of a content item|
+## Discount Owner limitation [[% include 'snippets/lts-update_badge.md' %]] [[% include 'snippets/commerce_badge.md' %]]
+
+The Discount Owner (`DiscountOwner`) limitation specifies whether the user can interact with a [discount](discounts.md).
+
+### Possible values
+
+|Value|UI value|Description|
+|------|------|------|
+|"self"|"self"|Only the user who is the owner of the discount gets access.|
+
## Content type Group limitation
The Content Type Group (`UserGroup`) limitation specifies that only users with at least one common *direct* user group with the owner of content get the selected access right.
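Review bot: in the new Discount Owner table the Value cell is written as "self" with literal quotes and no code formatting, while the Activity log Owner table in this file uses a backticked `1` and permission_use_cases.md tells the reader to set the value to `self`. Put `self` in code formatting in the Value column so it is clear the quotes are not part of the value, and confirm that the UI label really is "self". The lead sentence ("specifies whether the user can interact with a discount") would also be clearer if it said that the limitation restricts access to discounts the user owns, which is what the table row states.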
diff --git a/docs/permissions/permission_use_cases.md b/docs/permissions/permission_use_cases.md
index cd043357de..73b34f390f 100644
--- a/docs/permissions/permission_use_cases.md
+++ b/docs/permissions/permission_use_cases.md
@@ -269,6 +269,22 @@ Set the following permissions to decide what actions are available when users in
- `checkout/update` - to allow users to modify existing information, for example item quantity
- `checkout/delete` - to delete checkout
+### Discount management [[% include 'snippets/lts-update_badge.md' %]]
+
+Set the following permissions to decide what actions are available when users interact with [discounts](discounts.md) in the back office:
+
+- `discount/create` - to allow the user to create a new discount
+- `discount/update` - to allow the user to change the parameters of an existing discount
+- `discount/view` - to allow the user to view discounts data
+- `discount/delete` - to delete an existing discount
+- `discount/enable` - to allow the user to enable an existing discount
+- `discount/disable` - to allow the user to disable an existing discount
+
+To further control access to a discount, you can use the `DiscountOwner` limitation and set its value to `self`.
+This way users can only interact with their own discounts.
+
+Store users do not need any permissions to use discounts in the buying process.
+
### Order management
Set the following permissions to decide what actions are available when users interact with orders:
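Review bot: the `discount/view` bullet and the closing sentence about store users omit the warning that policies.md adds in this same patch, namely that `discount/view` exposes all discount details including coupon codes. A reader who lands on this page alone could grant `discount/view` to a customer role; add a short caution here or link to the Discounts section of policies.md. Minor: the `discount/delete` bullet reads "to delete an existing discount" while the other bullets read "to allow the user to ...", and the heading carries only the LTS update badge whereas the matching sections in limitation_reference.md and policies.md also include the commerce badge.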
diff --git a/docs/permissions/policies.md b/docs/permissions/policies.md
index d7ab811549..08830e444c 100644
--- a/docs/permissions/policies.md
+++ b/docs/permissions/policies.md
@@ -27,9 +27,9 @@ Each role you assign to user or user group consists of policies which define, wh
| Module | Function | Effect | Possible Limitations |
|------------------------------|--------------------|----------------------|-------------------------------------------------------------------------|
-| `activity_log` | `read` | access activity list | [ActivityLogOwner](limitation_reference.md#activitylogowner-limitation) |
+| `activity_log` | `read` | access activity list | [ActivityLogOwner](limitation_reference.md#activity-log-owner-limitation) |
-#### AI actions
+#### AI actions [[% include 'snippets/lts-update_badge.md' %]]
| Module | Function | Effect | Possible Limitations |
|-------------------------------------|------------------------|------------------------|----------------------|
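Review bot: the badge added to `#### AI actions` is unrelated to the anchor rename and the discount documentation in the rest of this patch; mention it in the commit message or move it to its own change so it does not get lost in review. In the `activity_log` row, the longer fragment makes the row wider than the header and separator rows; re-pad the table if the repository keeps its Markdown tables aligned in source.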
@@ -103,10 +103,10 @@ Each role you assign to user or user group consists of policies which define, wh
| Module | Function | Effect | Possible limitations |
|---------------------|-----------------------|---------------------------------------------------------------------|-----------------------------------------------------------|
-| `cart` | `create` | create a cart | [CartOwner](limitation_reference.md#cartowner-limitation) |
-| | `delete` | delete cart, for example, after successful checkout | [CartOwner](limitation_reference.md#cartowner-limitation) |
-| | `edit` | change cart metadata (name, currency, owner), add/remove cart items | [CartOwner](limitation_reference.md#cartowner-limitation) |
-| | `view` | view a cart | [CartOwner](limitation_reference.md#cartowner-limitation) |
+| `cart` | `create` | create a cart | [CartOwner](limitation_reference.md#cart-owner-limitation) |
+| | `delete` | delete cart, for example, after successful checkout | [CartOwner](limitation_reference.md#cart-owner-limitation) |
+| | `edit` | change cart metadata (name, currency, owner), add/remove cart items | [CartOwner](limitation_reference.md#cart-owner-limitation) |
+| | `view` | view a cart | [CartOwner](limitation_reference.md#cart-owner-limitation) |
#### Checkout [[% include 'snippets/commerce_badge.md' %]]
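Review bot: the four `cart` rows are now one character wider than the header and separator rows of this table, because `#cart-owner-limitation` is longer than the old fragment. Rendering is unaffected, but re-pad the last column if the repository keeps source tables aligned.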
@@ -124,6 +124,25 @@ Each role you assign to user or user group consists of policies which define, wh
| `commerce` | `currency` | manage currencies |
| | `region` | manage regions |
+#### Discounts [[% include 'snippets/lts-update_badge.md' %]] [[% include 'snippets/commerce_badge.md' %]]
+
+The discount policies decide which actions can be executed by given user or user group.
+
+!!! caution "Customers and discount policies"
+
+ Customers don't need any policies to use the discounts on the [storefront](storefront.md).
+ Even the `discount/view` policy would allow them to access all the discount details, including the coupon codes to activate them, which could lead to system abuse.
+
+
+| Module | Function | Effect | Possible limitations |
+|----------------------|--------------------------|-----------------------------|----------------------------------------------------|
+| `discount` | `create` | create a discount | [DiscountOwner](limitation_reference.md#discount-owner-limitation) |
+| | `update` | modify discount parameters | [DiscountOwner](limitation_reference.md#discount-owner-limitation) |
+| | `view` | view discounts (including its details) | [DiscountOwner](limitation_reference.md#discount-owner-limitation) |
+| | `delete` | delete a discount | [DiscountOwner](limitation_reference.md#discount-owner-limitation) |
+| | `enable` | enable a discount | [DiscountOwner](limitation_reference.md#discount-owner-limitation) |
+| | `disable` | disable a discount | [DiscountOwner](limitation_reference.md#discount-owner-limitation) |
+
#### Orders [[% include 'snippets/commerce_badge.md' %]]
| Module | Function | Effect | Possible limitations |
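Review bot: the caution describes the risk of `discount/view` (coupon codes become readable) but never states the instruction that follows from it; add an explicit sentence such as "Don't assign any `discount` policy to customer roles" so the guidance is actionable, and consider pointing back-office readers to the `DiscountOwner` limitation as the way to narrow access. Wording: "by given user or user group" needs an article, and "view discounts (including its details)" should read "including their details". The separator row of the new table is also much narrower than the link cells in the last column.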