Official documentation

  • Principal: A user who gains access to the application is called a principal. It does not have to be a real user; it can be an external system such as a backend or frontend application, or a mobile application.

  • Authentication: checking the provided credentials. If the credentials are valid, the proper roles are assigned to the principal.

  • Authorization: deciding whether a principal can perform a given action. This is determined based on the roles assigned to the principal and also on other constraints, for example a secure communication channel.

The authorization process takes place separately in two layers:

  1. HTTP layer
  2. Service (business) layer

OCC User Roles

The security of OCC calls is based mainly on user roles. These roles are assigned to the principal depending on the authentication type:

  1. Anonymous: A non-authenticated principal is assigned the built-in ANONYMOUS role by default.

  2. Clients: Every client application that was authenticated using an OAuth2 token in the client credentials flow is assigned a specific role depending on the client definition. When defining clients, remember to assign either ROLE_CLIENT or ROLE_TRUSTED_CLIENT to them, because these roles allow client access to the ycommercewebservices extension.

  3. Customers: Users who were authenticated using an OAuth2 token in the password flow are assigned a list of roles that are received from the service layer, in the same way as in the rest of the application. By default, the CUSTOMERGROUP and CUSTOMERMANAGERGROUP roles are used.

  4. Guests: Anonymous users who provided their own e-mail address. This can be done by calling /customers/current/guestlogin in v1 or /users/anonymous/carts/{guid}/email in v2. For such users, the built-in GUEST role is assigned.
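The role assignment and the two authorization layers described above can be modelled in a few lines. This is an added example, not SAP Commerce code: the function names, the dictionary shapes, the sample clients and the sample endpoint rule are all assumptions made for illustration.

```python
# Simplified model of OCC role assignment and two-layer authorization.
# Every name and data shape here is hypothetical; only the role names
# come from the documentation quoted above.

ACCESS_ROLES = {"ROLE_CLIENT", "ROLE_TRUSTED_CLIENT"}

# Constructed sample data.
CLIENTS = [
    {"id": "mobile_app", "roles": ["ROLE_CLIENT"]},
    {"id": "batch_job", "roles": []},  # defined without an access role
]
RULE = {"allowed_roles": ["ROLE_TRUSTED_CLIENT", "CUSTOMERGROUP"],
        "requires_secure_channel": True}


def assign_roles(auth):
    """Return the set of roles for a principal, by authentication type."""
    kind = auth.get("type")
    if kind == "client_credentials":
        # The role comes from the client definition, not from the flow.
        return set(auth["client_definition"].get("roles", []))
    if kind == "password":
        # Roles are received from the service layer (the user's groups).
        return set(auth["user_groups"])
    if kind == "guest" and auth.get("email"):
        return {"GUEST"}
    return {"ANONYMOUS"}  # default for non-authenticated principals


def http_layer_allows(roles, rule, secure_channel):
    """HTTP layer: channel constraint first, then the role check."""
    if rule.get("requires_secure_channel") and not secure_channel:
        return False
    return bool(roles & set(rule["allowed_roles"]))


def service_layer_allows(roles, action_roles):
    """Service layer: separate check on the business operation."""
    return bool(roles & set(action_roles))


def authorize(auth, rule, action_roles, secure_channel=True):
    """A request passes only if both layers allow it."""
    roles = assign_roles(auth)
    return (http_layer_allows(roles, rule, secure_channel)
            and service_layer_allows(roles, action_roles))


def clients_without_access(client_definitions):
    """Audit: clients lacking both ROLE_CLIENT and ROLE_TRUSTED_CLIENT."""
    return [c["id"] for c in client_definitions
            if not ACCESS_ROLES & set(c.get("roles", []))]
```

Running `clients_without_access` over exported client definitions is a quick way to spot clients that will authenticate successfully but be refused by the extension.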
