This page gives an overview of the Authorization microservice, including core features, for the Infosys Equinox platform.
The Authorization microservice (“Authorization”) validates both a logged in user and the roles and privileges of that user under a store or business. Authorization provides the capability to validate and grant permission to users for access and use of Infosys Equinox resources.
- Authentication: verifies who the user is; requiring a username and password for authentication.
- Authorization: controls what the user can do after successful authentication. For example, User A is authorized to access, edit, or delete products in Catalog.
Authorization creates and manages the session for authenticated users and creates session IDs and JWT tokens, which has a set of roles and privileges associated with the user. Any guest user or a registered user with a valid user ID can be associated with an available role and is allowed to access the other services only based on the privileges associated with the assigned role.
As part of Infosys Equinox’s security best practices, services cannot be invoked without being authenticated by the Authorization microservice.
- Out-of-the-box standard roles for typical ecommerce retailers
- Create custom roles based on available privileges to meet business-specific needs
- Invite users to specific roles and businesses
- Manage teams at the business level
Roles and Privileges
Commerce users must be invited to access the Infosys Equinox Admin Console (Console), which is the interface where authorized users can manage the business’ commerce implementation. When a user is invited to access the Console, s/he is assigned a role or roles, which will define his or her level of access and control within the Console.
The authentication and authorization service plays a key role in providing appropriate access to the Commerce Console users. The available roles in Infosys Equinox include:
- Instance Admin
- Business Admin
- Business User
- Standard Roles
Instance Admin Role
An instance admin is a persona who has the privilege to:
- Edit or view a business
- Manage users of an instance
This admin is limited to only view and edit a business, but is not allowed to view/manage the stores or microservices for the business. Instance Admins can invite other users, including instance admins, business admins, and/or business users, and assign them standard roles as appropriate.
Business Admin Role
A business admin is a persona who has superuser access to manage the businesses for which s/he is an administrator. Business admin privileges include:
- Edit/View a business
- Manage users of the business
- Manage stores and microservices of the business
A business user is a persona who has limited access to the business based on the standard roles assigned to him or her. For example,
- A business user who is assigned with “Catalog Manager” role for the collection “A” under a business “B” can access and manage only the catalog collection “A” under the business “B”. S/he cannot access any of the business’ other microservices nor any other collection within the business’ Catalog microservice.
Standard Roles are pre-defined roles with an assigned list of privileges that control the access and rights of the users assigned to the role within the Commerce Admin Console (Console). For example,
- A business user who is assigned the role “Promotion Manager” for collection “A” under a business “B” can access and manage only the promotion collection “A” under business “B”. The manager cannot access any of the business’ other microservices nor any other collection within the business’ Promotion microservice.
Available Standard Roles
- Catalog Manager and Catalog Editor roles:
A catalog editor can update Catalogs and catalog attributes.
A catalog manager has access to all the features of the catalog, including the privilege to approve an editor’s changes to the catalog.
- Pricing Manager and Pricing Editor roles:
A pricing editor can update a price list.
A pricing manager has access to all the features of the pricing, including the privilege to approve an editor’s changes to a price list.
- Merchandising Manager and Merchandising Editor
A merchandising editor has access to all the features of merchandising, excluding approver privileges.
A merchandising manager has access to all the features of merchandising, including approver privileges.
- Promotion Manager and Promotion Editor
A promotion editor has access to all the features of promotion, excluding approver privileges.
A promotion manager has access to all the features of promotion Management, including approver privileges.
2020-09-28 | AN – Updated the Core Features section.
2019-09-17 | JP – Updated content for September 2019 release.
2019-07-12 | AN – Content updated for July 2019 release.
2019-06-08 | PLK – Minor copyedits.
2019-05-09 | AN – Minor copyedit.
2019-01-21 | PLK – Page created and content uploaded.