# SAP Commerce Cloud OCC User Role

+关注继续查看

Principal: A user who gains access to the application is called a principal. It does not have to be a real user, it can be an external system like a backend or frontend application, or a mobile application. Principal 不一定是一个真实的用户，也可以是来自外部系统的后台或者前台应用，或者是一个移动应用。

Authentication means checking provided credentials. If credentials are valid, then the proper roles are assigned to a principal.

Authentication - 认证，意思是检查principal提供的credentails，如果有效，就颁发对应的role给principal.

Authorization: means deciding if a principal can perform a given action. 决定一个principal是否能够执行某项操作。

This is determined based on the assigned roles of the principal and also on other constraints, for example secure communication channel.

The authorization process takes place separately in two layers:

HTTP layer

OCC User Roles

The security of OCC calls is based mainly on user roles. These roles are assigned to the principal depending on the authentication type:

Anonymous：A non-authenticated principal is assigned a built-in ANONYMOUS role by default. 默认的role

Clients：Every client application that was authenticated using an OAuth2 token in the client credentials flow is assigned a specific role depending on the client definition.

When defining the clients remember to assign either the ROLE_CLIENT or ROLE_TRUSTED_CLIENT to them, because these roles allow client access to the ycommercewebservices extension.

ROLE_CLIENT 或者 ROLE_TRUSTED_CLIENT，允许客户端使用 ycommercewebservices extension.

Customers: Users who were authenticated using the OAuth2 token in the password flow, are assigned a list of roles that are received from a service layer in the same way as it works in the whole application.

By default, CUSTOMERGROUP and CUSTOMERMANAGERGROUP roles are used.

Guests: Anonymous users who provided their own e-mail address. It can be done by calling /customers/current/guestlogin in v1 or /users/anonymous/carts/{guid}/email in v2.

For such users, a built-in GUEST role is assigned.

8332 0

26365 0

2737 0

2212 0

11806 0

4530 0

21493 0
+关注
2450

0

+ 订阅

《2021云上架构与运维峰会演讲合集》

《零基础CSS入门教程》

《零基础HTML入门教程》