34 Implement Role-based Access Control

To comply with the European Union General Data Protection Regulation (GDPR), you may need to enforce restrictions on who can access a shopper’s personal data.

For example, you might want to allow an administrator to see all of the properties in a shopper’s profile, but allow customer service agents to see only a subset of the profile properties.

Oracle CX Commerce provides an access control system that is based on metadata attributes of properties. For each individual property, these attributes specify which groups of users can access the property and the type of access granted (read, write, or both). Access control is supported primarily for items that may hold personal data, such as profiles and orders. For a given user, you may want to provide different access depending on the item type.

This chapter describes how to implement role-based access control for internal users and for account-based shoppers (contacts), as well as special considerations for users of the Agent Console and Oracle Assisted Selling.
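The following is a small model of the property-level access metadata described above, added here as an illustration and not taken from Oracle CX Commerce. The role names (`admin`, `csAgent`), the `ACCESS` structure, and the rule that properties without metadata are denied are all assumptions of this example.

```python
# Illustrative model only; names are hypothetical, not Oracle CX Commerce APIs.
# Each property carries metadata: which roles may read it, which may write it.
ACCESS = {  # constructed sample metadata, keyed by item type, then property
    "profile": {
        "firstName":   {"read": {"admin", "csAgent"}, "write": {"admin", "csAgent"}},
        "email":       {"read": {"admin", "csAgent"}, "write": {"admin"}},
        "dateOfBirth": {"read": {"admin"},            "write": {"admin"}},
    },
    "order": {
        "status":          {"read": {"admin", "csAgent"}, "write": {"admin", "csAgent"}},
        "shippingAddress": {"read": {"admin"},            "write": {"admin"}},
    },
}


def allowed(item_type, prop, roles, mode):
    """True if any of the user's roles is granted `mode` on the property.
    Unknown item types and properties without metadata are denied (assumption)."""
    meta = ACCESS.get(item_type, {}).get(prop)
    return bool(meta and set(roles) & meta.get(mode, set()))


def read_view(item_type, item, roles):
    """Return only the properties the caller's roles may read."""
    return {k: v for k, v in item.items() if allowed(item_type, k, roles, "read")}


def apply_update(item_type, item, changes, roles):
    """Apply changes only if every changed property is writable (all or nothing)."""
    denied = sorted(k for k in changes if not allowed(item_type, k, roles, "write"))
    if denied:
        raise PermissionError(f"write denied on {item_type}: {', '.join(denied)}")
    return {**item, **changes}


if __name__ == "__main__":
    # Constructed sample profile; "internalNote" has no access metadata.
    profile = {"firstName": "Ana", "email": "ana@example.com",
               "dateOfBirth": "1990-01-01", "internalNote": "x"}
    print("csAgent sees:", read_view("profile", profile, ["csAgent"]))
    print("admin sees:  ", read_view("profile", profile, ["admin"]))
```

The same user gets a different view per item type because the lookup is keyed on the item type first, and a partially authorized update is rejected whole rather than applied in part.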