The WebSphere Commerce system provides a default set of roles for the following groups:
- Technical operations roles
- Marketing and sales roles
- Logistics and operations roles
- Business relationship roles
Note: The buyer (buy-side) role is an individual who makes purchases from the seller on behalf of some customer account. Usually purchases are made under one or more agreements negotiated with the seller. The buyer interacts with the seller's Web site to make purchases.
The Member subsystem supports assigning these roles, as well as any new roles created by the Site Administrator, by organizational entity; that is, users who belong to an organizational entity can take on roles assigned to that organizational entity.
The Member subsystem also supports assigning roles to users. When a user is assigned a role, the role is scoped to an organizational entity, so that the user plays that role with respect to one or more organizational entities. The user does not necessarily play that role for the organizational entity to which they belong; when an administrator performs the assignment, the administrator can select the organizational entity for which the user plays that role. If the administrator selects the Root Organization, the user plays that role for all the organizational entities.
By default, only users with specific roles are authorized to perform role assignment, as follows:
- A Site Administrator is the only role that has the authority to create, assign or unassign roles to and from all users or organizational entities. To maintain access control defined by roles, while roles can be added, they cannot be removed or renamed.
- A Seller Administrator or Buyer Administrator has the authority to do the following:
  - Assign or unassign roles to the organizational entity for which they are the Seller Administrator or Buyer Administrator, and to organizational entities below that organizational entity. However, the organizational entity for which the administrator performs the assignment or unassignment must not be the administrator's parent or ancestor in the membership hierarchy.
  - Assign or unassign roles to users who belong to the organizational entity for which they are the Seller Administrator or Buyer Administrator, or who belong to the organizational entities below this organizational entity.
  - Assign roles to themselves.
- A member can only be assigned a role if its parent organizational entity has been assigned the same role. An organizational entity can only be assigned roles which its parent organizational entity has been assigned.
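
The following added example models the assignment rules above as a check over a small membership hierarchy. It is not WebSphere Commerce code and does not use its APIs; the hierarchy, user names, role assignments and the `may_assign` function are constructed for illustration, and it assumes the parent-role rule applies to every assignment, including those made by a Site Administrator.

```python
ROOT = "Root Organization"
ADMIN_ROLES = ("Seller Administrator", "Buyer Administrator")

# Constructed membership hierarchy: member -> parent organizational entity.
PARENT = {
    "Seller Org": ROOT, "Seller Division": "Seller Org", "Buyer Org": ROOT,
    "alice": "Seller Org", "bob": "Seller Division", "carol": "Buyer Org",
}
# Constructed roles assigned to organizational entities. Root holds all roles.
ORG_ROLES = {
    ROOT: {"Site Administrator", "Seller Administrator", "Buyer Administrator",
           "Operations Manager"},
    "Seller Org": {"Seller Administrator", "Operations Manager"},
    "Seller Division": {"Seller Administrator"},
    "Buyer Org": {"Buyer Administrator"},
}
# Constructed user assignments: (user, role, organizational entity in scope).
USER_ROLES = [
    ("siteadmin", "Site Administrator", ROOT),
    ("alice", "Seller Administrator", "Seller Org"),
]

def ancestors(member):
    """Yield the organizational entities above member, nearest first."""
    while member in PARENT:
        member = PARENT[member]
        yield member

def within(member, org):
    """True if member is org itself or sits below org in the hierarchy."""
    return member == org or org in ancestors(member)

def may_assign(admin, target, role):
    """Return (allowed, reason) for admin assigning role to target."""
    parent = PARENT.get(target)
    # Assumption: the parent rule is applied to every assignment.
    if parent is not None and role not in ORG_ROLES.get(parent, set()):
        return False, f"{parent} has not been assigned {role}"
    for user, held, scope in USER_ROLES:
        if user != admin:
            continue
        if held == "Site Administrator":
            return True, "Site Administrator may assign to any member"
        if held in ADMIN_ROLES and (target == admin or within(target, scope)):
            return True, f"{held} scoped to {scope}"
    return False, f"{admin} has no administrative scope covering {target}"
```

In this model `alice` can assign Seller Administrator to `bob`, but not Operations Manager, because Seller Division has not been assigned that role, and she cannot assign anything to the Root Organization, which is her ancestor.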
Every user in the Member subsystem has an attribute called RegisterType, which can have one of four valid values as follows:
Registration type | Description |
---|---|
S | User has been assigned the Site Administrator or Channel Manager roles. |
A | User has been assigned certain roles within the Seller organization, such as Operations Manager, Customer Service Representative, or Seller Administrator. A default implicit member group called Administrators is shipped with WebSphere Commerce with the above list of roles defined as criteria. During role assignment and unassignment, if the role being assigned or unassigned is an administrative role, the value of RegisterType will be set accordingly to maintain consistency. |
R | Registered user. A user who has registered and provided WebSphere Commerce with some profile data. |
G | Guest user. A user who has not registered. |
The value of 'A' is role-related while the values of 'R' and 'G' are related to whether or not the user has registered.
Important: Although 'A' is supported as a valid value for RegisterType, in a future version of WebSphere Commerce it may be separated from RegisterType and become a value of a different attribute. Consequently, code should not be written to depend on 'A' being the value of the RegisterType attribute. If code needs to be written to examine the role or registration type of a user, such code should be replaced by access control policies or written to use appropriate APIs instead.
All roles are defined in the ROLE table, and are automatically assigned to the Root Organization. The MBRROLE table contains role assignment information for users and organizational entities. In addition, the MBRGRP and MBRGRPCOND database tables store other role-related information.