Roles and permissions

PIM validates that users have sufficient permissions to execute operations as well as to view and update entities like product catalogue items, attributes, etc.

Permissions are assigned to roles by administrators. Roles are managed in Bizzkit Iam.

Permissions are managed in PIM under Administration -> Roles.

When editing a role its permissions are displayed as a tree:

All application permissions

Notice the single root node is called AllApplicationPermissions. When assigned to a role, it allows the role to do everything. This is usually only appropriate for administrator roles.

Most permissions are structured as Manage Tenant > Manage X > View X, here illustrated for translation cultures:

Permissions

Permissions inherit everything from the right side which implies that:

  • if role has List and View Translation Culture permission, only viewing is allowed
  • if role has Manage Translation Culture permission, viewing AND editing is allowed
  • if role has Manage Tenant permission, viewing AND editing AND managing other entities under the Manage Tenant permission is allowed
  • if role has AllApplicationPermissions permission, everything is allowed