Administrator Role
The administrator role is the top-level role for an organization. This role is automatically created and can't be deleted directly or indirectly by import.
The administrator role has the following properties:
- Is always available in a new instance.
- Cannot be deleted through Salesforce B2C Commerce tools or the import.
- Has access to all known system modules in all known sites (per organization).
- Automatically gets access to all system modules of a newly created site.
- Automatically gets access to new modules when deploying new releases (for all organizations and sites).
- Can be extended with functional permissions.
- Can be extended with access permissions for custom modules.
- Can access permissions on all locales assigned to all roles. For locales created after Release 16.9, administrators must explicitly grant locale-specific permissions to a relevant role.
Administrator access for all system modules is ensured via the following mechanisms:
- When a new site is created, the administrator role automatically receives the required access permissions for all site system modules. The administrator role maintains full access to all modules within all sites.
- When the server starts, B2C Commerce checks whether the organizational and site level administrator roles still have access to all known system modules in all sites. The administrator role automatically gets access to newly introduced system modules (for example, when deploying new releases).
Retrieving Passwords
We recommend that all customers and partners have one administrator who is responsible for the passwords of all their instances. This administrator is usually the default admin user account included with every new instance. The admin user can create other named accounts that also have administrator permissions.
Developers use their own accounts to access instances and don't change or reset the global administrator password. After a dbinit is run on a sandbox, the administrator is responsible for changing the passwords for the sandbox back to the original passwords. See Using Dbinit.
Security settings let the administrator configure Business Manager passwords behaviors. An administrator can retrieve or reset a forgotten password using the Forgot Password feature.
Import and Export
The import logic rejects deletion attempts for the administrator role (for example, via DELETE mode import). The import logic also rejects any modification of system module access privileges (for example, via REPLACE mode import). Both cases are logged as warning in the import log.