User Management and Hierarchy in SAP Hybris: Employees, Customers, and User Groups

Users in Hybris : Users in SAP Commerce (Hybris) are people who interact with the system to perform tasks like managing settings in the Backoffice or engaging with the storefront.
Types of Users in Hybris:
i)Employee
ii)Customer
If we goto User Node in BackOffice we can see two users such as Employees, Customers

An Employee in Hybris is a user who manages the application and performs administrative tasks or backend operations.
Examples of employees in Hybris:asagent, admin, CustomerSupportAdministrator, WarehouseAdministrator etc

Employees in Hybris can have multiple roles.
For example:-
One employee might be an admin with complete access to the system.
Another employee might have partial access based on their role.

Customers in Hybris are users who shop on the website, performing actions like adding products to the cart, placing orders, and managing their accounts,adding products to wishlist




Open:/platform/ext/core/resources/core-items.xml 
Principal Item Type:
<itemtype code="Principal" extends="GenericItem" jaloclass="de.hybris.platform.jalo.security.Principal" autocreate="true" abstract="true" generate="true">
    <attributes>
        <attribute autocreate="true" qualifier="description" type="java.lang.String" generate="true">
            <persistence type="property"/>
            <modifiers read="true" write="true" search="true" optional="true"/>
        </attribute>
        <attribute autocreate="true" qualifier="name" type="java.lang.String" generate="true">
            <persistence type="property"/>
            <modifiers read="true" write="true" search="true" optional="true"/>
        </attribute>
        <attribute autocreate="true" qualifier="uid" type="java.lang.String" generate="true">
            <persistence type="property"/>
            <modifiers read="true" write="true" search="true" optional="false" unique="true"/>
        </attribute>
    </attributes>
    <indexes>
        <index name="UID" unique="true">
            <key attribute="uid"/>
        </index>
    </indexes>
</itemtype>

User Item Type:
<itemtype code="User" extends="Principal" jaloclass="de.hybris.platform.jalo.user.User" autocreate="true" generate="true">
    <deployment table="Users" typecode="4" propertytable="UserProps"/>
    <attributes>
        <attribute autocreate="true" qualifier="currentTime" type="java.util.Date">
            <modifiers read="true" write="false" search="false" optional="false"/>
            <persistence type="dynamic"/>
        </attribute>
        <attribute autocreate="true" qualifier="currentDate" type="java.util.Date">
            <modifiers read="true" write="false" search="false" optional="false"/>
            <persistence type="dynamic"/>
        </attribute>
        <attribute autocreate="true" qualifier="defaultPaymentAddress" type="Address" isSelectionOf="addresses">
            <persistence type="property"/>
            <modifiers read="true" write="true" search="false" optional="true"/>
        </attribute>
        ..........
    </attributes>
</itemtype>

Employee Item Type:
<itemtype code="Employee" extends="User" jaloclass="de.hybris.platform.jalo.user.Employee" autocreate="true" generate="true"></itemtype>

Customer Item Type:
<itemtype code="Customer" extends="User" jaloclass="de.hybris.platform.jalo.user.Customer" autocreate="true" generate="true">
    <attributes>
        <attribute autocreate="true" qualifier="customerID" type="java.lang.String">
            <modifiers read="true" write="true" search="true" optional="true"/>
            <persistence type="property"/>
        </attribute>
    </attributes>
</itemtype>

Item Type Hierarchy

  • GENERICITEM
    • PRINCIPAL
      • USER
        • CUSTOMER, EMPLOYEE

PRINCIPAL item type has a UID (Unique Identifier) that is unique for each item of this type.
USER item type extends PRINCIPAL, so it inherits the same UID from PRINCIPAL.
CUSTOMER and EMPLOYEE are both types of USER. Since CUSTOMER and EMPLOYEE are extensions of USER, they also inherit the UID from PRINCIPAL.

The UID is still unique for each CUSTOMER and EMPLOYEE because it's inherited from PRINCIPAL

What are UserGroups in Hybris :
UserGroups are a way to give users specific "powers" or permissions in Hybris. If a user belongs to a UserGroup, they inherit the rights assigned to that group.
For example, being in an admin-group allows full system access, while being in an employee-group grants standard employee privileges.This makes UserGroups a powerful and efficient way to manage user permissions in SAP Commerce (Hybris).


Open:/platform/ext/core/resources/core-items.xml 
PrincipalGroup Item Type:
<itemtype code="PrincipalGroup" extends="Principal" jaloclass="de.hybris.platform.jalo.security.PrincipalGroup" abstract="true" autocreate="true" generate="true">
    <attributes>
        <attribute autocreate="true" qualifier="locName" type="localized:java.lang.String" generate="true">
            <persistence type="property"/>
            <modifiers read="true" write="true" search="true" optional="true" private="false"/>
            <custom-properties>
                <property name="hmcIndexField">
                    <value>"the field"</value>
                </property>
            </custom-properties>
            <model>
                <getter name="locname" deprecated="true" deprecatedSince="ages"/>
                <setter name="locname" deprecated="true" deprecatedSince="ages"/>
            </model>
        </attribute>

        <attribute autocreate="true" redeclare="true" qualifier="displayName" type="localized:java.lang.String" generate="true">
            <persistence type="dynamic" attributeHandler="principalGroupDisplayNameLocalizedAttributeHandler"/>
            <modifiers read="true" write="false" search="false" optional="true"/>
        </attribute>

        <attribute autocreate="true" qualifier="maxBruteForceLoginAttempts" type="java.lang.Integer" generate="true">
            <persistence type="property"/>
            <modifiers read="true" write="true" search="true" optional="true"/>
        </attribute>
    </attributes>
</itemtype>

UserGroup Item Type:
<itemtype code="UserGroup" extends="PrincipalGroup" jaloclass="de.hybris.platform.jalo.user.UserGroup" autocreate="true" generate="true">
    <deployment table="UserGroups" typecode="5" property table="UserGroupProps"/>
    <attributes>
        <attribute qualifier="writeableLanguages" type="LanguageCollection">
            <modifiers read="true" write="true" search="true" optional="true"/>
            <persistence type="property"/>
        </attribute>
        <attribute qualifier="readableLanguages" type="LanguageCollection">
            <modifiers read="true" write="true" search="true" optional="true"/>
            <persistence type="property"/>
        </attribute>
        <attribute qualifier="hmcXML" type="java.lang.String">
            <modifiers read="true" write="true" search="false" optional="true" dontOptimize="true"/>
            <persistence type="property"/>
        </attribute>
        <attribute qualifier="denyWritePermissionForAllLanguages" type="java.lang.Boolean">
            <modifiers read="true" write="true" search="false" optional="false" dontOptimize="true"/>
            <defaultvalue>java.lang.Boolean.FALSE</defaultvalue>
            <persistence type="property"/>
        </attribute>
    </attributes>
</itemtype>

Item Type Hierarchy

  • GENERICITEM
    • PRINCIPAL
      • PRINCIPAL GROUP
        • USERGROUP
UID at Principal Level: The UID (Unique Identifier) at the Principal level uniquely identifies each user or employee. It is used across all roles (UserGroups) to ensure distinct identification.

UserGroups as Roles for Employees and Customers: UserGroups define roles and permissions within the system, dictating what users or employees can access and what actions they can perform. The assigned UserGroup determines the areas of SAP Commerce a user (employee or customer) can access, such as Back Office or Cockpits
<relation code="PrincipalGroupRelation" autocreate="true" generate="false" localized="false"
    deployment="de.hybris.platform.persistence.link.PrincipalGroupRelation">
    <sourceElement qualifier="members" type="Principal" collectiontype="set" cardinality="many" ordered="false">
        <modifiers read="true" write="true" search="true" optional="true"/>
    </sourceElement>
    <targetElement qualifier="groups" type="PrincipalGroup" collectiontype="set" cardinality="many" ordered="false">
        <modifiers read="true" write="true" search="true" optional="true"/>
    </targetElement>
</relation>

Employee to UserGroup: An Employee can belong to multiple UserGroups, defined by a "many" relationship where the members qualifier is associated with Principal and has a "many" cardinality.

UserGroup to Employee: A UserGroup can have multiple Employees, defined by a "many" relationship where the groups qualifier is associated with PrincipalGroup and also has a "many" cardinality.

Comments

Anonymous said…
Very good information and thank you for beautiful blogs
January 3, 2025 at 9:04 AM
Anonymous said…
Good content
January 3, 2025 at 9:20 AM
Anonymous said…
Thank you bro, very informative blog
January 4, 2025 at 1:13 PM
Post a Comment

Popular posts from this blog

Latest SAP Commerce (Hybris) Interview Questions

1.What is the need for the deployment tag, and what does autocreate=true 2.What happens if the deployment tag is not used 3.Explain the process of adding a step in the checkout end-to-end. 4.Have you worked on order process Share a project use case. 5.How do you configure and abort a cron job in Hybris 6.What are composite cron jobs 7.How do you create variants and sub-variants in SAP Commerce 8.Share your experience with Solr and Backoffice customizations. 9.Have you worked on cart customizations Share a project use case. 10.What is the difference between value providers and resolvers 11.Explain the OCC flow in Hybris. 12.Have you worked on payment integration or any third-party integration 13.Are you familiar with Kibana, Dynatrace, or CCV2 14.Explain the Spring MVC flow. 15.What are the types of dependency injection in Spring 16.Mention any JDK 17 or JDK 11 features you know. 17.Why is navigable=true used in Sap Commerce. 18.Explain...
Read more

Steps to Install SAP Commerce Cloud 2211/Install SAP Hybris 2105 to 2211

Image
Let us discuss What is Sap Commerce (or) Hybris,What is the Purpose of SAP Commerce ? Let's say we have a requirement to develop an Ecommerce Site or Shopping Site then we can use SAP COMMERCE . Right now we are planning to use SAP COMMERCE , it means we need to install SAP COMMERCE Software After installation we get a Ready Made Site (or) ready to use site. Ready made site means 80% of site code and functionality is ready. Step 1: Download SAP Commerce Software. Step 2 : Before extracting the zip file using 7 zip ,observe the sap commerce software name CXCOMCL221100U_20-70007431.ZIP Try to avoid special characters like (spaces or , _ ,- ) in zip file names because we might face problems while installing . So rename with short names like CX2211.zip then extract. If you don't have 7 zip file software in your system ,you can download from https://www.7-zip.org/download.html according to your system requirements. Extract below folder with the help of 7-Zip too...
Read more

OCC Webservices in SAP Commerce(hybris) 2211 using YOCC template – Part 1

Omnichannel Commerce Connect(OCC), which is a RESTful web services framework provided by SAP Commerce (Hybris).We can expose sap commerce(hybris) apis to external systems. Requirement : Create a custom OCC endpoint that retrieves detailed store information based on the storeId Step 1: Run the following command ant extgen to create a new OCC extension in platform Select Yocc template ,give name of your extension like sampleocc and package like com.hybris.occ Note: Remove or comment yocc extension ,add your custom occ extension in localextensions.xml and do ant clean all Step 2: Create SampleB2CStore an item type with attributes like storeId,storeName,storeLocation,storeOwner,storeGstNumber in samplecore-items.xml < itemtype code = "SampleB2CStore" autocreate = "true" generate = "true" > < deployment table = "SampleStore" typecode = "15786" /> < attributes > < attribute qualifi...
Read more