Authorisation Import

Short description

Authorisations can be used to determine in great detail which items customers are allowed to see in the shop. This is done using authorisation profiles. Both customers and articles are linked to one or more such profiles. A customer then only sees the articles that are linked to at least one of the profiles to which that customer is also linked.

Authorisations can also be used for general content blocks. By linking content blocks to authorisation groups in the content editor in the Vendisto CMS, those blocks are only visible to visitors who are also linked to those groups.

When authorisation is activated, a choice can be made between Basic Authorisation (where only standard system authorisation profiles are used) and Advanced Authorisation (where custom profiles can also be defined).

The system profile with profile code PUB is reserved for the Public Authorisation profile. This profile is always present. When Basic Authorization is active, a non-signatory user automatically gets this profile.

The system profile with profile code DEB is reserved for the Debtor Authorization profile. When Basic Authorization is active and this profile is activated, a logged on user who has not been assigned a custom authorization profile, will automatically receive this profile.Als er gebruik wordt gemaakt van Advanced Authorization kunnen ook eigen autorisatieprofielen worden gedefinieerd. Hiermee kan worden bereikt dat verschillende groepen van ingelogde gebruikers, of zelfs individuele gebruikers, verschillende assortimenten zien.

When Advanced Authorization is used, the customer import must include which authorization profiles a customer is linked to. With Basic Authorization system profiles are used and this is not necessary. In both cases it is of course necessary to link articles to authorization profiles with an authorization import.

If custom authorisation profiles are used, they replace the DEB and PUB system profiles. If it is desired that users with their custom authorisation profile also see all articles that a non-logged-in user can see, the PUB profile should be explicitly linked to the user.

Authorisations are handled in the shop as follows:

  • A non-logged-in user gets the system profile PUB

  • A logged on user gets the authorisation profiles defined by the User, or if there are none by the Customer to which the User belongs.

  • A logged on user for whom no profile has been defined gets the system profile DEB if active, otherwise the system profile PUB.

Part of the definition of an authorisation profile is the AccessMode. The latter defines whether the items supplied in the authorisation file belong to this profile by default or not. The AccessMode has two possible values: Allow and Deny. Accessmode Allow is occasionally used for very specific purposes. For standard situations, only the Deny access mode should be used.

Within an authorisation profile with Accessmode Deny, articles are not visible until an article is explicitly indicated that the article should be visible to a profile. By including authorisation profile codes in the Allow node within the Authorisation node of an article, the article becomes visible to all users to whom those authorisation profiles are linked.

The import file contains a list of authorisation profiles, and then for each article a list of the authorisation profiles that are allowed to see the article.

Aanleverwijze

Update Frequentie: Batch minimal 1x per day

Incremental ora complete set: Incremental

Filetype: Zipped XML

Bestandsbenaming: [SHOPNAME]_Authorizations_[INDEXNUMBER].xml Transport: over FTPS, FTPS Vendisto server is hosted by INTEGRACE, file is deposited by ERP party on FTPS server.

Location within FTP root: \ShoxlPro\XmlImport\

Structure XML

<?xml version="1.0" encoding="utf-8"?>
<Import>
    <ImportSettings>
        <Importer>Authorizations</Importer>
        <Version>1.0</Version>
    </ImportSettings>
    <AuthorizationProfiles>
        <AuthorizationProfile>
            <Name> </Name>
            <Code> </Code>
            <DefaultAccess> </DefaultAccess>
        </AuthorizationProfile>
    </AuthorizationProfiles>
    <Articles>
        <Article>
            <Number></Number>
            <Authorizations>
                <Allow>
                    <Profile></Profile>
                    <Profile></Profile>
                </Allow>
                <Deny>
                    <Profile></Profile>
                </Deny>
            </Authorizations>
        </Article>
    </Articles>
</Import>

Fields XML

Import element:

Name

Description

Type

Required/Optional

ImportSettings

Container element for importsettings

Element

Optional

AuthorizationProfiles

Container element for AuthorizationProfile data

Element

Required

Articles

Container element for Article data

Element

Required

ImportSettings element:

Name

Description

Type

Required/Optional

Importer

Name of the importer. Should be Authorization.

Text,

default Authorization

Optional

Version

Version of the import xml. To be used for backward compatibility issues.

Text, default 1.0

Optional

AuthorizationProfile element:

Name

Description

Type

Required/Optional

Name

Descriptive name of the authorization profile

Text

Required

Code

Code of the authorization profile

Char[3]

Required

DefaultAccess

Default behavior of authorization profile

AccessMode

Required

Article element:

Name

Description

Type

Required/Optional

Number

Article number

Text

Required

Authorizations

Container element

Element

Optional

Authorizations element:

Name

Description

Type

Required/Optional

Allow

Container for list of allowed profiles

Element

Optional

Deny

Container for list of denied profiles

Element

Optional

Allow element:

Name

Description

Type

Required/Optional

Profile

Profile code

Text

Optional

Deny element:

Name

Description

Type

Required/Optional

Profile

Profile code

Text

Optional

Types:

Type

Values

AccessMode

Allow, D

Last updated