Role-based security

The Admin Console in Optimizely Configured Commerce uses role-based security. Each user is assigned one or more roles, which control field and menu permissions in the Admin Console. The Admin Console includes several roles by default; however, you can create additional roles for security purposes or to implement customized functionality.

Users cannot grant themselves permissions with greater access than their current role. The default roles can assign roles as follows:

  • ISC_System – Can assign any role. This is an Optimizely-only role and displays here for reference.
  • ISC_Implementer – Can assign any role other than ISC_System.
  • ISC_Admin – Can assign any role other than ISC_System and ISC_Implementer.
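
The assignment rule above, modeled as an added Python example (not Optimizely code and not a Configured Commerce API): it audits a list of role assignments for grants the rule would not allow, and for role names without the ISC_ prefix. The record layout, the sample users, the ISC_PricingEditor role, and the choice to treat users who hold only custom roles as unable to assign roles are assumptions.

```python
# Added illustration of the role-assignment rule on this page.
# Record layout, names and sample data are assumptions, not a product API.

# Roles each default role may NOT assign, per the list above.
FORBIDDEN = {
    "ISC_System": set(),
    "ISC_Implementer": {"ISC_System"},
    "ISC_Admin": {"ISC_System", "ISC_Implementer"},
}

def can_assign(grantor_roles, target_role):
    """True if any default role held by the grantor permits assigning target_role.

    Assumption: a grantor holding only custom roles cannot assign roles."""
    return any(
        role in FORBIDDEN and target_role not in FORBIDDEN[role]
        for role in grantor_roles
    )

def audit(assignments, roles_of):
    """Return (record, reason) pairs that need review."""
    findings = []
    for rec in assignments:
        role = rec["role"]
        if not can_assign(roles_of.get(rec["by"], ()), role):
            findings.append((rec, "grantor may not assign " + role))
        elif not role.startswith("ISC_"):
            # Such roles do not display for permissions in the Application Dictionary.
            findings.append((rec, "role name lacks ISC_ prefix"))
    return findings

ROLES_OF = {  # constructed sample: current roles per console user
    "alice": {"ISC_Implementer"},
    "bob": {"ISC_Admin"},
    "carol": {"ISC_Admin", "ISC_PricingEditor"},
}
ASSIGNMENTS = [  # constructed sample: who assigned which role to whom
    {"by": "alice", "user": "dave", "role": "ISC_Admin"},       # allowed
    {"by": "bob", "user": "bob", "role": "ISC_Implementer"},    # self-escalation
    {"by": "carol", "user": "erin", "role": "ISC_System"},      # above grantor
    {"by": "alice", "user": "frank", "role": "PricingEditor"},  # no ISC_ prefix
]

if __name__ == "__main__":
    for rec, reason in audit(ASSIGNMENTS, ROLES_OF):
        print(rec["by"], "->", rec["user"], rec["role"], ":", reason)
```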

The Application Dictionary manages field and menu security for each role. Users with the ISC_System and ISC_Implementer roles can choose which roles can view, edit, create, and delete content within the Admin Console. Each field or menu has one of the following access levels for a role:

  • Hidden – Does not display field or menu.
  • Visible – Displays field or menu, but the user cannot modify them.
  • Enabled – Displays and allows modifications to the field or menu.

Implement field-level security

When necessary, you can restrict access to various fields within the Admin Console. This is managed by assigning Role attributes to fields in the Application Dictionary. Because this requires access to the Application Dictionary, the functionality is limited to ISC_System, ISC_Implementer, and ISC_Admin.

Before implementing field-level security, assign users to the roles that will be restricted. These roles are then assigned as attributes to the field that is to be restricted.

Here is how to assign users to roles:

  1. Log in to the Admin Console as a user with one of the roles listed above (ISC_System, ISC_Implementer, or ISC_Admin).
  2. Assign all users whose access you would like to limit to the desired role:
    1. Go to Admin Console > Administration > Console Users.
    2. Click Edit for the user.
    3. Select the roles from the Available Roles list.
    4. Click Save.
    5. Repeat the steps for each user.

Here is how to secure access to specific fields based on roles:

  1. Go to Administration > Application Dictionary.
  2. Search for the Entity, such as Customer, and click Edit.
  3. Go to the Properties tab and click Edit beside the property you want to control.
  4. Go to the Permissions tab and click Edit beside the role name.
  5. Use the radio buttons to modify access for the role.

  6. Click Save.

Create custom roles

Configured Commerce lets you create custom roles for the Admin Console so you can choose the exact level of security. 

  1. Go to Admin Console > Administration > Roles.
  2. Click Add Role.
  3. Enter the name of the new role. If the role should access the Admin Console, its name must begin with ISC_. Any role whose name does not begin with ISC_ does not display for permissions in the Application Dictionary.
  4. Click Save.

Follow the steps in Implement field-level security to edit the permissions for this role.