34 Manage Access to Shopper Data

The Oracle Commerce access control system can be used to manage internal users' access to shopper data, such as profile properties.

Access to these properties is controlled using metadata attributes of the properties. You assign roles and generic access rights to these attributes to specify, for each individual property, which groups of internal users can access the property, and the type of access granted (either read, write, or both).

You can use property access control to support compliance with privacy laws such as the European Union General Data Protection Regulation (GDPR), by enforcing restrictions on who can access a shopper’s personal data. For example, you might want to allow an administrator to see all of the properties in a shopper’s profile, but allow customer service agents to see only a subset of the profile properties.

This chapter describes how to use roles and generic access rights to manage access to shopper data. For general information about the Commerce access control system, and instructions about creating generic access rights and assigning them to roles, see Implement Access Control for Internal Users.