Role & Record based security in Hitachi Solutions Ecommerce

© Hitachi Solutions. 2015. All rights reserved.

Role & Record Based Security withHitachi Solutions Ecommerce


Contents

1. Feature Overview

2. Types of roles in the Manager Panel

3. Assign roles to individual users

4. Assign channels and companies

5. View and edit profile details

6. Restricting ‘Write’ access to Manager Panel records

7. Security features

8. Restricted access to fundamental organization setups

9. Accessing organization menus

2


Feature overview

• Multi-tenant User Management - A security manager can assign various companies, channels and

records that a CSR can access along with individual roles in the Manager Panel. This helps improve

collaboration between CSRs across different channels for a multi-tenant merchant.

• Intuitive User Interface - The Manager Panel UI is user friendly and allows the Security Manager to

create new users/CSRs and assign them business roles with a single click.

• PCI - PADSS Compliant - Payment gateway configurations are accessible only to authorized ‘Payment

Managers’ as per PCI-PADSS 2.0 standards. Audit trail logs that track all CSR activities are maintained in

the Manager Panel as well.


The Manager Panel user/CSR’s activities in the Manager Panel are defined by the roles assigned to him by the Security Administrator. Ten primary

roles have been created that segregate activities based on the different modules in the Manager Panel. A merchant can request for additional roles to

be created as per his business needs. Roles based security allows users belonging to partner legal entities such as dealers or franchise retailers to

login to the Manager Panel to service their orders directly.

Types of roles in the Manager Panel

Role Description

Catalog Manager This role has read and write access to the Catalog Module.

Content Manager This role has read and write access to edit virtual pages, content blocks, content groups and articles.

Customer Manager This role has read and write access to the Customer Module.

Marketing Manager This role has read and write access to the Marketing Module.

Operation Manager This role enables operations on the Integration Related Screen.

Returns Manager This role has read and write access to the Returns Module.

Sales Manager This role has read and write access to the Sales Module.

Security Administrator This role has read and write access to the Manager Panel User Security Module.

Setup Manager This role has read and write access to the Setup Module.

Payment Manager This role has read and write access to the Online Payment Account Configuration Module.


The Security Administrator is authorized to create new users/CSRs via the security module and assign them specific roles that determine their levels of

access to the various modules in the Manager Panel. These roles can be modified at any time.

Security Administrator assigns roles to individual users


Multi-tenant merchants can provide CSRs access to multiple channels and/or companies they operate. These authorizations can be modified at the

security administrator’s discretion.

Assign channels and companies


Every user/ CSR has access to his own account and can edit his profile information such as name, designation, and ERP & CRM sales rep IDs as used

in the corresponding ERP & CRM solutions. The user cannot modify the roles, channels or companies assigned to him by the Security Manager.

View and edit profile details


8

Based upon the roles assigned to him, a CSR would have Read, Write & Full Access to the various modules in the Manager Panel. For examples, if a

CSR is assigned the role of Sales Manager, he would have complete access to the sales module and would be able to place orders, quotes, manage

invoices, create payments etc.

Assigned role determines access to Manager Panel records


If a CSR has not been assigned a particular role in the Manager Panel, then he would have only Read access to that module. This means that he would

not be authorized to make any changes, or use any of the features in that particular module. By providing only Read access the merchant continues to

ensure information sharing and collaboration between the CSRs, while guaranteeing data security for that module.

Restricting ‘Write’ access to Manager Panel records


10

A detailed record of all user activity is maintained in the Audit Logs in the

Security module and accessible to the Security Manager and

Organization Administrator as required. The reports can be downloaded if

necessary. This feature ensure compliance with PCI 3.0 standards.

User activity record Restricted access to security policies

The security policies related to all security parameters in the Manager

Panel can be accessed and managed only by the Organization

Administrator or the default Security Administrator. Only they can edit

the login and password policies that govern your web store.

Security features


Only the Organization Administrator and Security Administrator (created during the initial organization creation) are provided access to the basic organization set

ups in the Manager Panel. Only these users can create new organizations, and modify the URL master and the security setups. These parameters can be

modified as per the merchant’s business requirements.

Restricted access to fundamental organization setups


The Organization Administrator or the Security Administrator authorized to access the organization menus described in the previous slide, can access

the same by clicking on the organization link in the footer of the Manager Panel.

Accessing organization menus


Thank You.

Role & Record based security in Hitachi Solutions Ecommerce

Software

Transcript of Role & Record based security in Hitachi Solutions Ecommerce