User migration and permission considerations

  • Updated

This article references code changes.

User changes

When migrating from version 4.x to version 4.3 or higher, it is important to understand how the users are split into two groupings: Console Users and Website Users. Prior to 4.3, Optimizely Configured Commerce used one bucket to manage users, which was simply called Users. It was from here that Users were assigned their roles and profile information. To make it easier for Administrators to know what type of User they are creating, 4.3.0 split the Users group into the more granular groups of Console Users and Website Users. This allows the Administrators to not only identify what type of User they are creating, but also to allow the Administrator to customize the security settings, emails and workflows that are applied.

During the upgrade process, the following logic is applied to Users:

  • Users with only ISC_ roles are converted to console users
  • Users with non ISC_ roles are converted to websites users and assigned to all websites
  • Users with both role types are split into both console and website users and website user is assigned to all websites
  • Users that get create both console and website users should still have the same password

Permissions changes

The default entity permissions have been changed for the userProfile (Website User) entity. This pertains to working with Website Users in the admin portion of Configured Commerce. Previously, the default permissions allowed any admin user with any role to view, create, edit, and delete Website Users. Now, the default permissions are pulled back and locked down to only allow certain roles this type of access to Website Users. By default the ISC_Admin and ISC_System roles will be allowed permission to view, create, edit, and delete Website Users. The userProfile list will be hidden from other roles by default.

Code changes:

If you made any entity permissions changes to userProfile, verify the permissions are in tact after an upgrade. If they were affected, you will need to use the Application Dictionary section of the Admin Console to correct them. The Help Center provides a series of articles about the Application Dictionary and how to configure it.