Concept - CaaS DevOps - Access and Permissions

1 Introduction

This document describes permissions and responsibilities for accessing and deploying Intershop CaaS projects.

Note

The focus lies on post-go-live deployments. Deployments during the project phase are briefly mentioned at the end of this guide.

1.1 References

1.2 Glossary

TermDescription
DEVDevelopment Team
ICMIntershop Commerce Management
INTIntegration environment
IOMIntershop Order Management
OPSOperations
PRDProduction environment
PWAProgressive Web App
UATUser acceptance test environment

2 Deployments

The following table lists responsibilities for deployments:

Application/ModuleINTUATPRD
Intershop Commerce Management (ICM)OPS/DEVOPS/DEVOPS
Intershop Progressive Web App (PWA)OPS/DEVOPS/DEVOPS
Intershop Order Management (IOM)DEVDEVOPS

3 Access Permissions

The following table on this page summarizes the access rights and restrictions for Intershop Commerce Platform projects:

Application/ServiceSubsectionEnvironmentNotes


INTUATPRD
ICM




Storefront

OPS/DEV/CUSTOMER




Organizational Backoffice

(OPS)/DEV/CUSTOMER




Operations BackofficeOPS/DEV

OPS/DEV  (new)

See Access to Operations Backoffice (PRD)
System Management Console (SMC)OPS/DEV

OPS/DEV (new)

See Access to SMC (PRD)
SSH (to virtual machines)OPS/DEVOPS
DatabaseOPS/DEVOPS
Solr Cloud Admin FrontendOPS
IOMAdmin Console (OMT)OPS
DatabaseOPS
CI/CD servicesAzure DevOpsOPS/DEVOPS/DEVOPS

Jenkins

OPS/DEVOPS/DEVOPSMiscellaneous processes (deployments, restart web server or application server, synchronization processes, ...)
Logs Shared File System (ICM)OPS/DEV
AKS (PWA, ICM 7.11, IOM 3.x)OPS/DEV (new)See Logging / AKS (PWA, ICM 7.11, IOM 3.x)

Newly introduced access options are marked accordingly.

For existing CaaS projects, you can request the new access options via ticket. Please name a main technical contact when creating a ticket.

3.1 Access to Operations Backoffice (PRD)

  • A main contact person (e.g. DEV lead engineer) of the implementation partner receives a dedicated user with appropriate authorizations. If required, he may create additional users (maximum of 3 users).
  • Determinations:
    • Generally, the user has "read access".
    • The user is allowed to execute various activities (user management, ...). If it appears necessary, OPS should be informed of the actions or changes ("write access").
    • Any configuration changes must be agreed in advance with OPS (such as service configurations, ...).
  • Access is generally intended:

    • For replication status check and manual start,

    • To activate/deactivate services.

Taking action and making changes in the PRD operations back office may have a serious impact on the environment. Service failures caused by the implementation partner are the responsibility of the implementation partner and must be reported immediately. For reasons of traceability, user auditing is activated.

3.2 Access to SMC (PRD)

  • A main contact person (e.g. DEV lead engineer) of the implementation partner receives a dedicated user with appropriate authorizations. If required, he may create additional users (maximum of 3 users).
  • Determinations:
    • Generally, the user has "read access".
    • The user is allowed to execute various activities (jobs, process chains, ...). If it appears necessary, OPS should be informed of the actions or changes ("write access").
    • Any configuration changes must be agreed in advance with OPS.
  • Access is generally intended:
    • To check the job status and configuration, as well as manual starting,
    • To use the file browser (log file access and if necessary also sites or any other desired ICM directory),
    • To check active properties settings,
    • To use monitor features (e.g. locking conflicts when executing jobs).

Taking action and making changes in the PRD SMC may have a serious impact on the environment. Service failures caused by the implementation partner are the responsibility of the implementation partner and must be reported immediately. For reasons of traceability, user auditing is activated.

The following must be considered when using the SMC:

  • Be careful with file downloads in SMC. The file browser should be used to download individual files only. The ZIP file feature should not be used.

  • No logging adjustments should be made.

  • No adjustments to the performance monitoring should be made.

  • No thread or heap dumps should be created.

4 During the Setup Phase

During the setup phase, so before the shop is live, the changes on PRD are lot less critical. For this reason, the access to PRD for DEV is at that point similar to those on UAT. It means i.e. full access to Operations Backoffice and System Management Console.

The switch between the access rights in place during the Setup Phase and those described above takes place in the end of the hypercare phase.

Disclaimer

The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.

Customer Support
Knowledge Base
Product Resources
Tickets