Document Properties
Kbid
L29890
Last Modified
14-Nov-2023
Added to KB
03-Jun-2021
Public Access
Everyone
Status
Online
Doc Type
Concepts
Product
  • ICM 7.10
  • Intershop Progressive Web App
  • Intershop Commerce Platform
  • IOM 4.0
  • IOM 4.1
  • IOM 4.2
  • IOM 4.3
  • IOM 4.4
  • IOM 4.5
Concept - Intershop Commerce Platform DevOps - Access and Permissions

Introduction

This document describes permissions and responsibilities for accessing and deploying Intershop Commerce Platform projects.

Note

The focus lies on post-go-live deployments. Deployments during the project phase are briefly mentioned at the end of this guide.

References

Glossary

TermDescription
DEVDevelopment Team
ICMIntershop Commerce Management
INTIntegration environment
IOMIntershop Order Management
OPSOperations
PRDProduction environment
PWAProgressive Web App
UATUser acceptance test environment

Deployments

The following table lists responsibilities for deployments:

Application/ModuleINTUATPRD
Intershop Commerce Management (ICM)OPS/DEVOPS/DEVOPS1/DEV2
Intershop Progressive Web App (PWA)OPS/DEVOPS/DEVOPS
Intershop Order Management (IOM)DEVDEVOPS

1 Both, code and full deployments

2 Code deployment only

For details, refer to Guide - Intershop Commerce Platform Deployment Process (valid to 7.10) | Deployment Types.

Access Permissions

The following table on this page summarizes the access rights and restrictions for Intershop Commerce Platform projects:

Application/ServiceSubsectionEnvironmentNotes


INTUATPRD
ICM




Storefront

OPS/DEV/CUSTOMER




Organizational Backoffice

(OPS)/DEV/CUSTOMER




Operations BackofficeOPS/DEV

OPS/DEV  (new)

See Access to Operations Backoffice (PRD)
System Management Console (SMC)OPS/DEV

OPS/DEV (new)

See Access to SMC (PRD)
SSH (to virtual machines)OPS/DEVOPS
DatabaseOPS/DEV1OPS
SolrCloud Admin FrontendOPS
IOMAdmin Console (OMT)OPS
DatabaseOPS
CI/CD servicesAzure DevOpsOPS/DEVOPS/DEVOPS

Jenkins

OPS/DEVOPS/DEVOPSMiscellaneous processes (deployments, restart web server or application server, synchronization processes, etc.)
Logs Shared File System (ICM)OPS/DEV



DB Credentials

1 The DB credentials for INT can be found in the orm.properties file. UAT (or any other NonPRD environments) DB credentials may be requested via service desk ticket on demand.

The connection to any NonPRD DB will be done via SSH connection to INT environment (app server). For further details see here: Guide - Intershop Commerce Platform Database Handling \ Connect To SQL Database

Newly introduced access options are marked accordingly.

For existing Intershop Commerce Platform projects, you can request the new access options via a ticket. Please name the main technical contact when creating a ticket.

Access to Operations Backoffice (PRD)

A main contact person (e.g., DEV lead engineer) of the implementation partner receives a dedicated user with appropriate authorizations. If required, this user may create additional users (maximum of three users).

Determinations:

  • In general, the access option should be used for reading purposes ("read access").
  • Beyond "read access" the user is allowed to perform the following activities:
    • user management (add, update users, etc.)
    • data replication status check
    • data replication process creation
    • manual starting of data replication process
    • activate/deactivate services next to transport configurations
    • enable/disable URL rewriting
  • If these changes are expected to affect the operation of the platform in any way, the operations team should be informed in advance.
  • Any other configuration changes must be agreed in advance with OPS (such as service configurations, etc.)

Taking action and making changes in the PRD operations back office may have a serious impact on the environment. Service failures caused by the implementation partner are the responsibility of the implementation partner and must be reported immediately. For reasons of traceability, user auditing is activated.

Access to SMC (PRD)

A main contact person (e.g. DEV lead engineer) of the implementation partner receives a dedicated user with appropriate authorizations. If required, he may create additional users (maximum of 3 users).

Determinations:

  • In general, the access option should be used for reading purposes. ("read access")
  • Beyond "read access" the user is allowed to perform the following activities:
    • check the job status and configuration, as well as manual starting,
    • manage process chains
    • use the file browser (access log file and if necessary also sites or any other desired ICM directory),
    • check active properties settings,
    • use monitoring features (e.g. locking conflicts when executing jobs).
  • If these changes are expected to affect the operation of the platform in any way, the operations team should be informed in advance.
  • Any other configuration changes must be agreed in advance with OPS.

Taking action and making changes in the PRD SMC may have a serious impact on the environment. Service failures caused by the implementation partner are the responsibility of the implementation partner and must be reported immediately. For reasons of traceability, user auditing is activated.

The following must be considered when using the SMC:

  • Be careful with file downloads in SMC. The file browser should be used to download individual files only. The ZIP file feature should not be used.

  • No logging adjustments should be made.

  • No adjustments to the performance monitoring should be made.

  • No thread or heap dumps should be created.

During the Setup Phase

During the setup phase, before the shop is live, the changes on PRD are lot less critical. For this reason, the access to PRD for DEV is at that point similar to those on UAT. It means full access to Operations back office and System Management Console.

The switch between the access rights during the setup phase and those described above takes place at the end of the hyper care phase.

Restrictions

Intershop wants the best possible security for all components for a customer solution. Therefore, the sources and the build process as well as the build results must be located on the Intershop platform in the controlled Azure DevOps environment. It is not possible to operate container images, built outside of this environment.

Disclaimer
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.
The Intershop Knowledge Portal uses only technically necessary cookies. We do not track visitors or have visitors tracked by 3rd parties. Please find further information on privacy in the Intershop Privacy Policy and Legal Notice.
Home
Knowledge Base
Product Releases
Log on to continue
This Knowledge Base document is reserved for registered customers.
Log on with your Intershop Entra ID to continue.
Write an email to supportadmin@intershop.de if you experience login issues,
or if you want to register as customer.