Understanding Security Profile Group in Sitecore OrderCloud

Hello everyone, In this blog we will try to understand, what is Security Profile in Sitecore OrderCloud. How we can Security Profile in Sitecore OrderCloud.

Let's first understand what is Security Profile.

According to Sitecore OrderCloud definition "Security profiles are groups of roles (permissions), each of which grant users access to specific API endpoints and functionality. This lets you have permission based API calling from applications. If a request is made by a user without sufficient roles, they will receive a 403 Forbidden response"

This come very handy in Ecommerce application where you have role based functionalities. The best example is Buyer User who will having different roles(Ex.MeAddress,Shopper,MeCreditCardAdmin etc.) and Seller User(Ex. FullAccess, OrderAdmin,BuyerAdmin,CatalogAdmin etc.).There are multiple roles in Sitecore OrderCloud which we will see in different blog.

Let's create our first Security Profile in Sitecore OrderCloud

Navigate to MarketPlace Dashboard which we created in your last to last blog and click on API console.Once ApiConsole is open -->Click on SecurityProfile menu link under Authentication and Authorization section.Click on New Security Pofile button. Refer below screenshot for your reference.

Now Give the Name for your security profile and suitable ID for your security profile. Also assign roles from available roles list as shown below. Now click on create new security profile button at the bottom.You can see our new buyer security policy is created successfully.

We can do CRUD operation using Enhanced UI options also. When you click the Enhanced UI options, we get REST api calls options. Below is the screenshot for your reference.

Here you will get all API calls for CRUD operations.If you want to do any updates, you can update your security profile here using PUT PATCH calls.

Now we have to assign the Buyer security Profile to Buyer or Buyer Organization. In this way, which ever user is added to that Buyer Organization will have the define role automatically added to it.You can get the list of all security profiles create in Sitcore OrderCloud using Get Call as shown below.

Now let's assign the security profile to Buyer organization using Post Call to Security Profile Assignment.

Now let's confirm for one of the buyer user that do we have roles automatically assigned to them.

Now when we call token endpoint from application to get access token, we need to pass scope as parameter as shown below

As you have seen above we have created Buyer security profile. Similary we need to create Seller Security profile along with roles. Steps are exactly same.After creating Security profile we need to assign the profile to Seller users. Refer below screenshot.

Hope you understand the concepts. Thanks for reading and Happy Sitecoring!!!

Will be back with more blogs related to Sitecore OrderCloud. Stay Tune.

Comments

Post a Comment

Popular posts from this blog

Automate RSS Feed to Sitecore XM Cloud: Logic App, Next.js API & Authoring API Integration

Image
Hello everyone, In this blog, we will see a pratical use case of reading RSS feed and creating the respective items in Sitecore XM Cloud. To accomplish the task, we will use Logic App, an API created in Next JS and lastly calling the Authoring API to execute mutation query for Item Creation in Sitecore. Let's divide the process into 2 parts: Logic App : This will mostly focus on fetching the feed from RSS, performing transformation, storing the result in array of json object and pushing the data to next js api endpoint. Next JS API Development : This will take care of calling the authoring api of XM Cloud instance and performing the create item mutation query on the recieved data from Logic App. Logic App Azure Logic App is a cloud-based service provided by Microsoft Azure that allows you to automate workflows and integrate applications, data, services, and systems without writing complex code. It enables you to create automated workflows visually through...
Read more

Create and Fetch Content From Sitecore Content Hub One using GraphQL and React

Image
Hello everyone, In this blog, we will see overview of Sitecore Content Hub One product its benefits, features etc. This blog will walkthrough below listed points. Overview Features Content Hub One Dashboard Creating Taxonomy Creating Content Type Uploading New Media Creating Content Items From Content Type Getting GraphQL Token Creating Sample React Application To Read the Content from Content Hub One Overview Sitecore Content Hub One is a powerful platform. It is designed to centralize and streamline content creation, management, and distribution across various channels.Focuses on delivering content via APIs, enabling seamless integration with various front-end frameworks.Hosted in the cloud, offering scalability, automatic updates, and reduced infrastructure management.Provides flexible APIs and SDKs for developers to integrate and build custom solutions efficiently. Features Headless Content Management : Allows content to be delivered via APIs to any front-end or platfor...
Read more

Sitecore XM Cloud Form Integration with Azure Function as Webhook

Image
Hello everyone, In this blog, we will see, how Azure Function can be used with Sitecore Forms. Before starting, I would request everyone to read my previous blog on XM Cloud Form as I am not going to go deep with how to create forms in XM Cloud. Creating Azure Function : Will serve as our Webhook Creating and Integrating Form : XM Cloud Form Creating An Azure Function I will not explain how you can create Azure Function with Http Trigger. You can check this youtube link here . Also in reference section, I will provide the link how you can connect and deploy your changes to azure function using Visual Studio. Azure Function Code : Its just a starter code which Azure function by default. Creating XM Cloud Form and Integrating with Azure Function Step 1 : Create a form from Form Editor and once form us published, you can see the below view in preview state. Here you can edit your form too. But it always recommended to use a version of that form as whatever changes is done will ...
Read more