2022-07-05: CE - Identity and Access Management (IAM)

Overview

The new Identity & Access Management Service for the Emporix Commerce Engine is designed to provide two key features:

  • Allow Employees of a tenant to be added to “Groups”

  • Apply Access Controls to the system at the API level and within the Management Dashboard interface for Employee Groups

What's new

Feature
Description

User types

For a tenant, there are two types of users available: customers and employees of that tenant.

Employee groups

Employee groups aggregate employees of a tenant that share the same access control within a particular service and resource. By assigning an employee to a particular group, you grant them a specific access control level. Access controls are applied to both the Emporix Management Dashboard and the APIs through scopes. To learn more about scopes, check out the Authorization and scopes guide.

Access controls and access control templates

Access controls combine both resources and roles. For example, a user with a manager role can view, create, delete, and edit resources within a service. You can use access control templates that contain predefined settings for roles. For more information, check out Access control templates in the Identity and access management (IAM) guide.

Resources

Resources are objects within Emporix API services, for example the area and time resources in the Delivery Service.

Roles

Roles encapsulate predefined permissions that allow users to perform actions on resources within services. For example, a user with a contributor role can create, view, and edit resources within a service, but cannot delete them.

Permissions

Permissions define what actions a user with a specific role can perform on resources within services. For example, a service might have permissions to perform the following actions on a resource: view, create, delete, and edit.

Localized fields

When creating or updating a group, permission, or role, you can specify its name and description in multiple languages.

We are currently shipping a set of predefined access control templates for our existing services, which will control their existing API scopes. You can use these to effectively give “Viewer” or “Manager” roles to your employees. In the future, we will allow more flexibility in the service, including allowing you to create your own custom roles and access control templates and to support custom services and resources. As of this release, however, that is not possible, and you are restricted to using only what we provide.

Fixes and improvements

None, as these are new services.

Known problems

No known problems at time of release.
