Entity permissions

  • Updated

Only roles that start with "ISC_" will appear in the Roles section of the Admin Console.

Individual roles can be edited within the Application Dictionary. Roles can be given Can Create, Can Edit, Can View, and Can Delete permissions. If these permission grant access to the entity, they will override the more general entity restriction.

Roles

  • Entity Permission
  • Roles
  • Property Configuration
  • Property Definition

Property permissions are determined based on the following hierarchy:

Property permissions

Although the Application Dictionary UI allows users to change and save permissions for the above listed immutable Entities, the changes will not actually take effect.

These entities will also have Can Create as Yes when inherited. These entities cannot be manually created by a user, but the system will be able to create new records which is reflected in the Application Dictionary.

  • Audit
  • ApplicationLog
  • CreditCardTransaction
  • GiftCardTransaction
  • OrderHistory
  • OrderHistoryLine

Below are a list of entities that can only be viewed or hidden.

Immutable entities

By default, all Application Dictionary permissions are set to Inherit. The Inherit permissions level is flexible, in that it provides the user role with the expected level of access as defined by the default role permissions. Once a permission level is altered in the Application Dictionary, it overrides the default role permission.

The exception to this is Can Delete. Can Delete only has access to Can View, but does not give access to Can Edit or Can Create.

There are three permission levels that control the extent to which a user can interact with Admin Console entities. Each level guarantees access to the lower level, such that if a user can Create, she can also Edit and View. If she cannot Create, but can Edit, she can also View. This is dynamically reflected in the UI of the Application Dictionary.

Entity permission

Permissions are determined from the most general to the most specific, with permissions being more open than more secure. For example, if a user has two roles, one with access to a page and one without access to a page, the user would still be able to access the page.

Permission hierarchy

Use the Application Dictionary in the Admin Console to manage entity permissions like creation rights and site visibility for Configured Commerce users. Permissions are handled on both the entity level and the user role level. Although the Admin Console comes with several default user roles, custom roles can be created to fit specific business needs.