Today I am going to explain what a security profile is and the process to create a security profile in Sitecore OrderCloud.
Security Profile
Security profiles in Sitecore OrderCloud are used to define the permissions and access rights for users or groups of users called user groups. Each security profile contains a set of permissions that determine what actions the users can perform within the system. These permissions can include reading, writing, creating, updating, deleting, and managing access to specific resources, such as products, orders, customers, and suppliers.
In Sitecore OrderCloud security profiles are groups of roles that define a user's permissions and the specific endpoints the user can access. Businesses protect the data of their marketplaces by assigning certain security roles to users and user groups.
Access rights in Sitecore OrderCloud are controlled through a combination of security profiles and roles. Roles are used to group users with similar responsibilities and interests, while security profiles define the permissions and access rights for those roles. For example, a user in a supplier's role might have a security profile that allows them to create and edit products, while a user in a buyer's role might have a security profile that allows them to view and edit orders and personal details.
Monitoring and updating security profiles regularly is crucial to maintaining Sitecore OrderCloud's security. This entails continuously examining and revising user roles and permissions and making sure access is only given to those who need it.
Creating a Security Profile for Buyers
Step 1: Login into the Sitecore OrderCloud portal (https://portal.ordercloud.io/login).
Step 2: On Dashboard, click on “New Tab” under the API Console.
Step 3: Next, click on “SELECT A CONTEXT” in the upper left corner to select the marketplace you want to interact with.
Step 4: Scroll to the Authentication and Authorization section in the left-hand side resource menu and select “Security Profiles”.
Note: The default view of the security profile page is OrderCloud-enhanced UI. If you want to switch it back to the traditional view, click on the enhanced UI icon in the upper left corner.
Step 5: Click on the operation selection tab, and you will see a list of endpoints that are available to security profiles. From the list select “POST Create a new security profile”.
Step 6: There are two ways to create a new security profile. You may either fill out the form on the left-hand side or type in the JSON input on the right-hand side.
Step 7: Now enter the security profile name in the “Name” field. It is a necessary field. The ID is an optional field. If you don’t specify the ID, OrderCloud will auto-generate one.
Step 8: Since the security profile is a group of roles that define the user’s permissions, it is important to select the roles associated with the security profile. In this example, I am creating a security profile for the buyer’s security. Typically, buyers should be assigned the “Shopper”, “MeAddressAdmin”, “MeCreditCardAdmin”, “MeSubscriptionAdmin” and other Me roles.
Note: If there are other endpoints that you are maintaining then you can also create a custom role associated with the profile.
Note: You also have the option to use the “Password Config” section to control the password behavior for the users.
Step 9: When you are ready. Click “Send”.
You can also use the following JSON to create the same security profile in Sitecore OrderCloud:
{
"Name": "Buyer_Security",
"Roles": [
"MeCreditCardAdmin",
"MeAddressAdmin",
"MeSubscriptionAdmin",
"Shopper"
]
}Now if you visit the security profile view page you can get an overview of all the security profiles for a particular marketplace.
Read more about Security Profile API references at “https://ordercloud.io/api-reference/authentication-and-authorization/security-profiles”.
References
Security Profiles - https://ordercloud.io/knowledge-base/security-profiles
Create a new Security Profile - https://ordercloud.io/api-reference/authentication-and-authorization/security-profiles/create
That’s all for Today.
Happy Coding.
Coders for Life