Understanding Security Management

Objective

After completing this lesson, you will be able to determine the basic security data models and features needed to manage user roles and permissions.

Security Overview

Security management in SAP Commerce Cloud covers several key areas:

  1. Web Access Management regulates user access to web applications based on varying roles and permissions. It can restrict access to specific IP ranges or geographic areas. It uses Spring Security for a robust, customizable framework aimed at securing web applications.
  2. Backend UI Access Rights covers access to all backend UIs, such as the SAP Commerce Cloud administration console (HAC) or Backoffice, by different users. Access and functionality for each user typically depend on their assigned user roles and permissions.
  3. Data Permission uses role-based data permission to regulate access to different data types and items. Administrators can assign user roles, determining who gets access to what data. Each role has specific permissions linked to various data types, for instance, customer data, product data, or order information.
  4. Database Security helps protect data integrity by employing multiple strategies:
    • Mainly, it offers transparent symmetric encryption that automatically encodes data before storing it, thus reducing the risk of unauthorized access.
    • Field encryption is another security measure that protects confidential, specific data fields from public view.
    • Further, SAP curtails database user rights, ensuring each user has only suitable access levels to prevent both accidental modifications and deliberate breaches.

In this unit, we'll explore each area in more detail. But before we go further, it's vital that we understand the basics of security management, especially about user accounts.

User Accounts

In SAP Commerce Cloud, user accounts represent individual people or groups of users. These accounts determine:

  • Who can or cannot authenticate against a part of an application.
  • Who can or cannot perform specific tasks.

The diagram below illustrates the main item types associated with user accounts.

This image outlines the user account type hierarchy.
  • Principal serves as the root type that both User and PrincipalGroup types inherit from.

    A Principal can either be a User or a Principal Group.

  • User includes both Employee and Customer. Employees are considered internal users who manage the system. They have more rights and responsibilities than Customers, who are the end-users or consumers of the service.
  • PrincipalGroup refers to a collection of Users and other User Groups. These can be organized into hierarchical structures.

    In SAP Commerce Cloud, this type is used to collectively manage permissions and access controls for various users.

  • UserGroup is used to aggregate several users for the common sharing of permissions and access rights.

    For example, the admingroup unites employee users with administrative permissions.

  • In SAP Commerce Cloud, a Company represents an organization or a business entity.

    It can be associated with various users (customers and employees) and user groups. By doing so, it aids in managing and segregating data and operations for different organizations within the same system, particularly in the B2B segments.
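The following is an added example, not code from SAP Commerce Cloud or from this course. It models the item-type hierarchy described above (Principal at the root, User with Employee and Customer, PrincipalGroup with UserGroup and Company) as plain Java classes and shows the two points that matter for access control: group membership is transitive through nested groups, and a user's effective data permissions (item 3 in the overview) are the union of what every group on that path grants. The "<Type>:<action>" permission notation and all uids other than admingroup are constructed for the example; in the platform itself the equivalent transitive lookup is UserService.getAllGroupsForUser, which is referenced here only for orientation.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;

// Root of the hierarchy: both users and groups are principals and can be members of groups.
abstract class Principal {
    final String uid;
    final Set<PrincipalGroup> groups = new LinkedHashSet<>(); // direct memberships only

    Principal(String uid) { this.uid = uid; }

    // All groups this principal belongs to, directly or through nested groups.
    // The result set doubles as a visited set, so a mis-configured cycle cannot loop forever.
    Set<PrincipalGroup> getAllGroups() {
        Set<PrincipalGroup> result = new LinkedHashSet<>();
        Deque<PrincipalGroup> todo = new ArrayDeque<>(groups);
        while (!todo.isEmpty()) {
            PrincipalGroup g = todo.pop();
            if (result.add(g)) {
                todo.addAll(g.groups);
            }
        }
        return result;
    }

    // Effective permissions are the union of what every transitive group grants.
    Set<String> effectivePermissions() {
        Set<String> perms = new TreeSet<>();
        for (PrincipalGroup g : getAllGroups()) {
            perms.addAll(g.grantedPermissions);
        }
        return perms;
    }

    boolean isMemberOf(String groupUid) {
        return getAllGroups().stream().anyMatch(g -> g.uid.equals(groupUid));
    }
}

abstract class User extends Principal { User(String uid) { super(uid); } }
class Employee extends User { Employee(String uid) { super(uid); } }   // internal staff
class Customer extends User { Customer(String uid) { super(uid); } }   // end-users

class PrincipalGroup extends Principal {
    // Permissions granted to members, written as "<Type>:<action>" (constructed notation).
    final Set<String> grantedPermissions = new LinkedHashSet<>();

    PrincipalGroup(String uid) { super(uid); }

    void addMember(Principal p) { p.groups.add(this); }
}
class UserGroup extends PrincipalGroup { UserGroup(String uid) { super(uid); } }
class Company extends PrincipalGroup { Company(String uid) { super(uid); } }

public class PrincipalHierarchyDemo {
    public static void main(String[] args) {
        UserGroup admingroup = new UserGroup("admingroup");
        admingroup.grantedPermissions.addAll(
            List.of("Order:read", "Order:change", "Customer:read", "Customer:change"));

        UserGroup customerservicegroup = new UserGroup("customerservicegroup");
        customerservicegroup.grantedPermissions.addAll(List.of("Order:read", "Customer:read"));

        UserGroup customergroup = new UserGroup("customergroup");
        customergroup.grantedPermissions.add("Product:read");

        // A nested group placed inside admingroup: every member of it is an admin, too.
        UserGroup nightshift = new UserGroup("nightshift");
        admingroup.addMember(nightshift);

        Employee agent = new Employee("agent01");
        customerservicegroup.addMember(agent);
        nightshift.addMember(agent);               // inherits admingroup through the nesting

        Customer shopper = new Customer("shopper@example.com");
        customergroup.addMember(shopper);
        Company acme = new Company("acme");        // B2B unit grouping its customers
        acme.addMember(shopper);

        report(agent);   // groups=[customerservicegroup, nightshift, admingroup] admin=true
        report(shopper); // groups=[customergroup, acme] admin=false perms=[Product:read]
    }

    static void report(Principal p) {
        List<String> groupUids = p.getAllGroups().stream().map(g -> g.uid).collect(Collectors.toList());
        System.out.println(p.uid + " groups=" + groupUids
            + " admin=" + p.isMemberOf("admingroup")
            + " perms=" + p.effectivePermissions());
    }
}
```

The agent never appears as a direct member of admingroup, yet ends up with full admin permissions because nightshift sits inside it. When reviewing who can administer a system, walk the transitive membership (as getAllGroups does here) rather than the direct member list of admingroup, and keep nested groups under privileged groups to a deliberate minimum.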

Having grasped the basics of item types related to user accounts, proceed to learn where these accounts make a difference in SAP Commerce Cloud.

This image outlines the major areas user accounts affect.
  • In Backoffice, user accounts control the visibility of elements based on the user group associated with a user. For further details, please refer to the section on Business Roles in Backoffice.
  • Within Workflows, user accounts can be designated with specific roles and permissions, determining what tasks users can access or execute. This promotes both security and productivity by ensuring suitable task assignment and access.
  • Web Services need user-specific access rights for both Omni Commerce Connect (OCC) and the Integration API Module.
    • For further information on Web Services based on OCC, refer to this link.
    • For more details on Web Services in the Integration API Module, please visit this link.
  • When it comes to the Order Process, a customer's shopping experience is influenced by their user account, requiring them to either log in or shop as a guest. More information about the order process is provided in a different unit of this learning journey.
  • Each CronJob is linked to a specific user account that has the necessary permissions to carry out the tasks. Additional information about CronJobs is presented in a different section of this learning journey.
  • A JaloSession encapsulates data about the current user and their settings. It creates a context for SAP Commerce to process user-specific requests. For more information, refer to the Jalo Session section.

In the following lessons, we will delve into the details of setting up access control for user accounts across multiple domains.
