App Access for OrderCloud when using Sitecore Cloud Portal
Published by Ashley Wilson on January 4, 2024
If your organization uses Sitecore Cloud Portal, this article will share more about OrderCloud access using Sitecore Cloud Portal Organization Access and App Access.
Sitecore Portal users with Organization access of Owner or Admin will have full access to all Sitecore Apps. Due to the fact that Owner and Admin users cannot be assigned individual app access in OrderCloud, they will always have FullAccess data access and impersonation permissions for each OrderCloud tenant in the Organization.
Users with Owner or Admin Organization Access can invite other team members to join their OrderCloud app, as well as set their level of App Access. Additionally, they can edit OrderCloud users’ access and delete users.
For each OrderCloud app (marketplace) in the Organization, a team member can have one of the following App Roles:
Full Access gives the highest level of access to the assigned user. These users will have access to every OrderCloud feature, provided the data access for this role isn’t edited.
Admin is a place holder role for Administrators. You can define your custom data access for your OrderCloud Administrators here.
Custom Group 1
Your first custom role, which provides your defined data access to the assigned users.
Custom Group 2
Your second custom role, which provides your defined data access to the assigned users.
Custom Group 3
Your third custom role, which provides your defined data access to the assigned users.
Custom Group 4
Your fourth custom role, which provides your defined data access to the assigned users.
Defining Custom Group Data Access and Impersonation
With OrderCloud you have the flexibility to generate custom role groups so that you can prescribe the exact OrderCloud data access to your users. Only users with Sitecore Organization Access of Owner or Admin can create and edit OrderCloud Roles.
For each Custom Role group, you can assign the level of data access and impersonation access for that Role group to have. The access you assign determines the API Roles that the assigned user has access to when using the API console as themselves. The assigned role can also restrict data access when impersonating users with more available roles in their assigned security profiles. Meaning, when impersonating users in the API Console, the available roles are an intersection of the impersonatee's roles and the Portal User impersonating them.
An OrderCloud Marketplace has up to 4 custom role groups to use for defining your company’s user access, as well as Admin role, which can be customized.
Assigning OrderCloud Access
Team members are assigned roles when a user with Organization Admin or Organization Owner access invites the team member to join a Sitecore Cloud Portal organization, as shown here:
Before inviting users to your OrderCloud App, make sure you have your App access defined in OrderCloud so team members are granted proper access when you invite them