Salesforce B2C Commerce 24.7 > Administering Your Organization > Permissions, Users, and Roles

Roles and Permissions

We recommend limiting access to modules to only users who use the module. To restrict and grant access to modules, use roles and permissions. When properly configured, a user who logs into B2C Commerce sees only the modules that they need to perform their job. This eliminates confusion and increases the security of the organization.

Note: Roles and permissions described here are for Business Manager users only and not for storefront customers.

Roles

Roles represent groupings of permissions. They're defined in the context of an organization. You can assign multiple roles to a user and associate these roles with permissions. A user owns the permissions assigned to each of their roles. B2C Commerce defines sample roles for the SiteGenesis application site, such as the administrator role. This role has permissions on all Business Manager modules below the Administration menu. You can create your own roles depending on your specific needs for the site's organization.

Permissions

You can configure Business Manager module permissions and functional permissions. Module permissions include the ability to transfer, replicate, and edit B2C Commerce data. You can also let users log in on behalf of a shopper or as a shopper, which is useful for support. You can specify read or write access for most data, for one or more sites or across all sites in an organization.

Functional permissions let a user perform specific functions in B2C Commerce. To edit data, functional permissions must be combined with Business Manage module permissions. You can also grant WebDAV permissions.

To view a list of all users assigned to a specific permissions, audit a permission.

Business Manager Example

This example assumes you have multiple sites and need to assign different levels of permissions for different users.

User Name	Title	Access Needs
Marie	VP of Marketing	Views pricing and inventory for all sites. Views content assets for all sites.
Traude	Site Merchandiser	View and edit storefront catalog, pricing and inventory. A site merchandiser is particularly important if there are multiple business running on the same realm that don't want to share data. The site merchandiser can only see data for their site, not data for other sites.
Lucas	Site Administrator	Cannot view catalog, pricing, or inventory data. Can transfer data via WebDAV. Can replicate data. Can import or export data. Can run jobs.
Henry	eCommerce Developer	Needs full access to catalog, pricing, and inventory data across all sites. Permission to transfer data via WebDAV or replicate data. These permissions only function for his sandbox.

As a first step, you need to create roles.

Role	Business Manager Permissions	Functional Permissions
corporate	For each site, add the following site permissions: Products and Catalogs Content	No permissions assigned.
merchandiser	For a specific site, add the following site permissions: Products and Catalogs Content Search Online Marketing Ordering Analytics	Assign these: Manage_Site_Catalog Manage_Site_PriceBooks Manage_Site_Inventory
site_admin	Add the following organization permissions: Replication Site Development module, Import & Export and Site Import & Export Operations For a specific site, add the following site permissions: All Batch Processes All Import & Export modules	Assign these: Replication_Run_For_Org WebDAV_Realm_Access WebDAV_Manage_Customization WebDAV_Transfer_Files
developer	All Site Development modules Operations - Custom Log Settings, Pipeline Profiler	No permissions assigned.

After you have created the roles, you can assign users to them.

Role	Permissions
Marie	corporate
Traude	merchandiser Note: If you wanted Traude to be able to view prices and inventory for all sites, but only be able to edit the data for her site, you could add her to the corporate role.
Edward	support_rep
Lucas	site_admin
Henry	developer