However, even if you disable the link to the full order list, people can still access the URL directly. And even without "administrate" rights, it's easy to manipulate the shop/orderview/<order_number> URL to view other orders. Some workarounds for this privacy issue I've used in the past include building separate views or creating override templates with hack-ish permission checking.
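The server-side check that closes this gap, as an added example (not code from the original page or from the shop software): it tests ownership or the "administrate" right on every request to shop/orderview/<order_number>, whether or not a link to it is shown. The User class, the ORDERS data and the handler names are hypothetical, and the sample orders are constructed.

```python
import re
from dataclasses import dataclass

ORDER_URL = re.compile(r"^/?shop/orderview/(\d+)$")

@dataclass(frozen=True)
class User:  # hypothetical user model, not the shop software's own
    user_id: int
    rights: frozenset = frozenset()  # e.g. frozenset({"administrate"})

# Constructed sample data: order_number -> owner and contents.
ORDERS = {
    1001: {"owner": 10, "items": ["book"]},
    1002: {"owner": 11, "items": ["lamp"]},
    1003: {"owner": 10, "items": ["desk"]},
}

def view_order_unchecked(user, path):
    """Behaviour described above: any requester gets any order that exists."""
    m = ORDER_URL.match(path)
    order = ORDERS.get(int(m.group(1))) if m else None
    return (200, order) if order else (404, None)

def view_order(user, path):
    """Hardened: authorization is decided per order, on every request."""
    m = ORDER_URL.match(path)
    order = ORDERS.get(int(m.group(1))) if m else None
    allowed = order is not None and (
        order["owner"] == user.user_id or "administrate" in user.rights
    )
    # Same response for "not yours" and "does not exist", so the status
    # code does not confirm which order numbers are in use.
    return (200, order) if allowed else (404, None)

def readable_orders(handler, user, numbers):
    """Regression check: order numbers for which this user receives a 200."""
    return [n for n in numbers if handler(user, f"shop/orderview/{n}")[0] == 200]

if __name__ == "__main__":
    customer = User(10)
    admin = User(1, frozenset({"administrate"}))
    sweep = range(1000, 1005)
    print("unchecked, customer:", readable_orders(view_order_unchecked, customer, sweep))
    print("hardened, customer: ", readable_orders(view_order, customer, sweep))
    print("hardened, admin:    ", readable_orders(view_order, admin, sweep))
```

Running the same sweep as a non-owner against the real view, before and after a fix, is a quick way to confirm that only the requester's own orders come back.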