Concept - CaaS DevOps - Access and Permissions

1 Introduction

This document describes permissions and responsibilities for accessing and deploying Intershop CaaS projects.

Note

The focus lies on post-go-live deployments. Deployments during the project phase are briefly mentioned at the end of this guide.

1.1 References

1.2 Glossary

TermDescription
DEVDevelopment Team
ICMIntershop Commerce Management
INTIntegration environment
IOMIntershop Order Management
OPSOperations
PRDProduction environment
PWAProgressive Web App
UATUser acceptance test environment

2 Deployments

The following table lists responsibilities for deployments:

Application/ModuleINTUATPRD
Intershop Commerce Management (ICM)OPS/DEVOPS/DEVOPS
Intershop Progressive Web App (PWA)OPS/DEVOPS/DEVOPS
Intershop Order Management (IOM)DEVDEVOPS

3 Access Permissions

The following table on this page summarizes the access rights and restrictions for Intershop Commerce Platform projects:

Application/ServiceSubsectionEnvironmentNotes


INTUATPRD
ICM




Storefront

OPS/DEV/CUSTOMER




Organizational Backoffice

(OPS)/DEV/CUSTOMER




Operations BackofficeOPS/DEV

OPS/DEV  (new)

See Access to Operations Backoffice (PRD)
System Management Console (SMC)OPS/DEV

OPS/DEV (new)

See Access to SMC (PRD)
SSH (to virtual machines)OPS/DEVOPS
DatabaseOPS/DEVOPS
Solr Cloud Admin FrontendOPS
IOMAdmin Console (OMT)OPS
DatabaseOPS
CI/CD servicesAzure DevOpsOPS/DEVOPS/DEVOPS

Jenkins

OPS/DEVOPS/DEVOPSMiscellaneous processes (deployments, restart web server or application server, synchronization processes, ...)
Logs Shared File System (ICM)OPS/DEV
AKS (PWA, ICM 7.11, IOM 3.x)OPS/DEV (new)See Logging / AKS (PWA, ICM 7.11, IOM 3.x)

Newly introduced access options are marked accordingly.

For existing CaaS projects, you can request the new access options via ticket. Please name a main technical contact when creating a ticket.

3.1 Access to Operations Backoffice (PRD)

A main contact person (e.g. DEV lead engineer) of the implementation partner receives a dedicated user with appropriate authorizations. If required, he may create additional users (maximum of 3 users).

Determinations:

  • In general, the access option should be used for reading purposes. ("read access")
  • Beyond "read access" the user is allowed to perform the following activities:
    • user management (add, update users,…),
    • data replication status check,
    • data replication process creation,
    • manual starting of data replication process,
    • activate/deactivate services next to transport configurations,
    • enable/disable URL rewriting
  • If these changes are expected to affect the operation of the platform in any way, the operations team should be informed in advance.
  • Any other configuration changes must be agreed in advance with OPS (such as service configurations, ...).

Taking action and making changes in the PRD operations back office may have a serious impact on the environment. Service failures caused by the implementation partner are the responsibility of the implementation partner and must be reported immediately. For reasons of traceability, user auditing is activated.

3.2 Access to SMC (PRD)

A main contact person (e.g. DEV lead engineer) of the implementation partner receives a dedicated user with appropriate authorizations. If required, he may create additional users (maximum of 3 users).

Determinations:

  • In general, the access option should be used for reading purposes. ("read access")
  • Beyond "read access" the user is allowed to perform the following activities:
    • check the job status and configuration, as well as manual starting,
    • manage process chains
    • use the file browser (access log file and if necessary also sites or any other desired ICM directory),
    • check active properties settings,
    • use monitoring features (e.g. locking conflicts when executing jobs).
  • If these changes are expected to affect the operation of the platform in any way, the operations team should be informed in advance.
  • Any other configuration changes must be agreed in advance with OPS.

Taking action and making changes in the PRD SMC may have a serious impact on the environment. Service failures caused by the implementation partner are the responsibility of the implementation partner and must be reported immediately. For reasons of traceability, user auditing is activated.

The following must be considered when using the SMC:

  • Be careful with file downloads in SMC. The file browser should be used to download individual files only. The ZIP file feature should not be used.

  • No logging adjustments should be made.

  • No adjustments to the performance monitoring should be made.

  • No thread or heap dumps should be created.

4 During the Setup Phase

During the setup phase, so before the shop is live, the changes on PRD are lot less critical. For this reason, the access to PRD for DEV is at that point similar to those on UAT. It means i.e. full access to Operations Backoffice and System Management Console.

The switch between the access rights in place during the Setup Phase and those described above takes place in the end of the hypercare phase.

Disclaimer

The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.

Customer Support
Knowledge Base
Product Resources
Tickets