Accessing BM and Having Roles in Salesforce Commerce Cloud
Learning of the SFCC platform requires very basic knowledge of platform formation. Which you can learn from The eCommerce Platform. It is recommended for anyone who wants to learn SFCC from start or improve knowledge of the platform.
To learn about the Business Manager, you can refer to this link: What Is a Business Manager in SFCC?
You will find an explanation of what is the Business Manager and what you can do from it.
This article is about getting access to the Business Manager, updating permissions to various roles, and performing other necessary operations for smooth execution for your organization.
When you are managing your organization on the SFCC platform, it is important to learn about various roles. Roles can be defined by the administrator or having permissions for managing roles.
Accessing the BM Traditional Way
This is a simpler approach to login into the SFCC BM. Where the administrator will create accounts of every user manually for each instance.
For example, to get access for the developer, the administrator will require to create an account for the developer on each instance (Staging, Development, Production, and Sandboxes) manually.
Upon adding the user’s email and basic information the user would receive an email for setting up a password for his account.
Password for each instance will be separate, though he can use the same but would require to manage and track manually.
Pros:
- New users can be added very easily.
Cons:
- Password management is not easier.
- In case of removing the user from the organization would require to manage in every instance.
Accessing the BM using Account Manager
The Account Manager works as a Single Sign-On (SSO) platform.
Where the user needs to be created only once and the user can take care of password and email settings easily.
Every instance will have the same user email and password to access.
Although, roles and permissions need to be managed separately in every instance.
The Account Manager comes with Two-Factor Authentication (2FA), to provide a layer of security that uses Time-based OTP generated.
Pros:
- Very simpler user management.
- In the case of removing the user, it can be done at the central level.
- Password management is very easier.
Cons:
- If any issue in the Account Manager system, then it will affect access to all instances.
BM Access: Traditional way v/s Account Manager
| Traditional Way | Account Manager |
|---|---|
| Simple to add a new user. | Requires to create Account manager user first. |
| Harder to handle multiple instances for the same user. | Very easier to manage on multiple instances. |
| Role and Permissions require to handle manually on each instance. | Role and Permissions require to handle manually on each instance. |
| Password for each instance can be different and hard to track. | Password for each instance will be the same and easier to track. |
| Access can have issues if any particular instance is down. | Access to all instances will be affected if any issue at Account manager. |
Roles
The roles and permissions always become important when your site is managed by various team members.
Since various team members will be working at different positions in your organization.
For example, you would not want to give site delete, data replication permissions to the newcomer in your organization.
Based on my experience you should define roles as below in your SFCC BM:
| Role | Basic Permissions |
|---|---|
| Administrator | Full permissions, can take actions on all available options in SFCC BM. |
| Merchandising | Marketing, SEO, Product, Inventory & Pricing management |
| Developer | Can have less permissions than Administrator and more permissions than Merchandising |
| Read only | Does not have any write permissions but can visit all modules and see the content. |
It is important to understand various instances the SFCC platform offers. Each instance has unique behavior and performance. For example, you might give lesser permissions on the Production instance than on the Development instance to the same person. Or you might want to give read-only permissions on production to the same user having many write permissions in other instances. So that any intentional/un-intentional activities can not be carried out on the Production instance.
Ideally, you should be ready with such a matrix of permissions in your organization, by considering some common job profiles in the organizations:
| Job profile | Development | Staging | Production |
|---|---|---|---|
| Owner/Administrator | Yes | Yes | Yes |
| Senior technical | Yes | Yes | Yes |
| Quality Assurance team | Yes | No | No |
| Merchandising team | Yes | Yes | No |
| Development team | Yes | Yes | No |
Fill out all the fields with Yes/No.
This will give you visibility on permissions and roles assigned to the users falling under various job profiles.
The roles will play an important part in site management and releases in SFCC.
Proper management of roles reduces the risk of unintentional changes and possible issues for your site release and daily operations.
Important Links
Conclusion
Before assigning and allowing your team members to the BM, you need to think about roles and permissions.
Test Your Knowledge!
Note: These questions are generated by AI manually using the content of the blog post.
1. What is a key advantage of using the Account Manager for Business Manager access over the traditional method?
2. Why does the article recommend assigning different permissions to the same user on different instances (e.g., Development vs. Production)?