- Sitemap
Introduction
This document explains the basic concept of the user permission management of the Intershop Order Management. This document is aimed at business users, project developers, and operators.
References
Guide - IOM Basic Business Configuration | Create a User, Role and Assign Permissions to use the project configuration
Intershop Order Management Help | Platform Administration to use the back office
Glossary
User | A person or technical account that interacts with the system, usually possesses a unique identifier (like a username) and authentication credentials ( |
Permission | The ability to perform a specific access or action to a specific resource, e.g. to view orders ( |
Role | A set of predefined permissions related to specific tasks or responsibilities |
User-Organization assignment | A user “exists” within assigned organizations and their children only ( |
User-Role-Organization assignment | Effective user permissions assignments |
In General
As part of user management, permissions grant users specific access and operations to specific resources. In IOM, permissions are granted to users via roles.
User permissions can also specify:
The type of access - for example, a user might be allowed to read data without modifying it (read-only) or be allowed to read and write data.
Specific functions a user can access - for example, most systems have an administrator role that allows users to assign permissions to other users.
Grant Permissions to a User
Using the project configuration: Guide - IOM Basic Business Configuration | Create a User, Role and Assign Permissions
Using the back office: Intershop Order Management Help | Platform Administration
The basic steps are:
Creation or usage of a user assigned to at least one organization
Creation or usage of a role containing permissions
Assignment of a role to a user and assignment of the user to at least one organization
The permissions will be granted to all selected organizations and its children. Also refer Concept - IOM Organizations.
Reserved/Predefined Roles
The IOM initial database dumps come with two predefined roles:
FullOMTClient, which contains all permissions to use the back office, except for the user administration
FullPlatformAdmin, a selection of administrative permissions, like user management
These predefined roles should not be edited in the back office, as this can lead to inconsistencies with regard to (idempotent) configuration scripts.
Reserved/Predefined Users
The IOM initial database dumps come with two predefined users:
internal required: This is a required “dummy” user which is internally used mainly to assign an owner to some batch processes.
Do not modify or delete it. (This user will probably not be visible anymore in a future IOM version).IOM Admin: This user has almost all permissions at all organizations and can be used to discover all features of the back office.
Consider deleting the user IOM Admin in productive systems, or at least modifying its default password. This user can be used to login in the back office after an installation with the initial dump in order to define further users. Its initial password is ‘!InterShop00!’