This document explains the basic concept of the user permission management of the Intershop Order Management. This document is aimed at business users, project developers, and operators.
Guide - IOM Basic Business Configuration | Create a User, Role and Assign Permissions to use the project configuration
Intershop Order Management Help | Platform Administration to use the back office
A person or technical account that interacts with the system, usually possesses a unique identifier (like a username) and authentication credentials (
The ability to perform a specific access or action to a specific resource, e.g. to view orders (
A set of predefined permissions related to specific tasks or responsibilities
A user “exists” within assigned organizations and their children only (
Effective user permissions assignments
As part of user management, permissions grant users specific access and operations to specific resources. In IOM, permissions are granted to users via roles.
User permissions can also specify:
The type of access - for example, a user might be allowed to read data without modifying it (read-only) or be allowed to read and write data.
Specific functions a user can access - for example, most systems have an administrator role that allows users to assign permissions to other users.
Using the project configuration: Guide - IOM Basic Business Configuration | Create a User, Role and Assign Permissions
Using the back office: Intershop Order Management Help | Platform Administration
The basic steps are:
Creation or usage of a user assigned to at least one organization
Creation or usage of a role containing permissions
Assignment of a role to a user and assignment of the user to at least one organization
The permissions will be granted to all selected organizations and its children. Also refer Concept - IOM Organizations.
The IOM initial database dumps come with two predefined roles:
FullOMTClient, which contains all permissions to use the back office, except for the user administration
FullPlatformAdmin, a selection of administrative permissions, like user management
These predefined roles should not be edited in the back office, as this can lead to inconsistencies with regard to (idempotent) configuration scripts.
The IOM initial database dumps come with two predefined users:
internal required: This is a required “dummy” user which is internally used mainly to assign an owner to some batch processes.
Do not modify or delete it. (This user will probably not be visible anymore in a future IOM version).
IOM Admin: This user has almost all permissions at all organizations and can be used to discover all features of the back office.
Consider deleting the user IOM Admin in productive systems, or at least modifying its default password. This user can be used to login in the back office after an installation with the initial dump in order to define further users. Its initial password is ‘!InterShop00!’
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.