  • IOM 4.0
  • IOM 4.1
  • IOM 4.2
  • IOM 4.3
  • IOM 4.4
  • IOM 4.5
  • IOM 4.6
  • IOM 4.7
  • IOM 5.0
Concept - IOM User Permissions and Roles


This document explains the basic concept of user permission management in Intershop Order Management (IOM). It is aimed at business users, project developers, and operators.




User

A person or technical account that interacts with the system. A user usually has a unique identifier (like a username) and authentication credentials (UserDO).

Permission

The ability to perform a specific access or action on a specific resource, e.g., to view orders (RightDO).

Role

A set of predefined permissions related to specific tasks or responsibilities.
Roles group users according to their job functions, streamlining permission management (RoleDO, Role2RightDO).

User-Organization assignment

A user “exists” within assigned organizations and their children only (User2OrganizationDO).
Therefore, a user cannot acquire a role (incl. permissions) outside these assignments.

User-Role-Organization assignment

Effective user permissions assignments
A user will be granted all permissions of a role in the given organizations and their children (User2Role2OrganizationDO).

In General

As part of user management, permissions grant users specific access to, and operations on, specific resources. In IOM, permissions are granted to users via roles.

User permissions can also specify:

  • The type of access - for example, a user might be allowed to read data without modifying it (read-only) or be allowed to read and write data. 

  • Specific functions a user can access - for example, most systems have an administrator role that allows users to assign permissions to other users. 

Grant Permissions to a User

The basic steps are:

  1. Creation or usage of a user assigned to at least one organization

  2. Creation or usage of a role containing permissions

  3. Assignment of a role to a user and assignment of the user to at least one organization

The permissions will be granted for all selected organizations and their children. See also Concept - IOM Organizations.
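The scoping rules described above (a user exists only in assigned organizations and their children, and a role's permissions apply in its organization and that organization's children), as an added Python example. It is not IOM code and does not reflect the IOM database schema. All organization, user, role and permission names are constructed, and treating a role assignment outside the user's organizations as ineffective is this example's reading of the rule.

```python
# Added illustration: a small in-memory model, not IOM code or its schema.
# All organizations, users, roles and permission strings are constructed.
PARENT = {  # child organization -> parent organization
    "ShopDE": "Europe", "ShopFR": "Europe", "Europe": "Root",
    "ShopUS": "Root", "Root": None,
}
ROLE_PERMISSIONS = {  # role -> permissions (cf. Role2RightDO)
    "OrderViewer": {"order.view"},
    "UserAdmin": {"user.manage"},
}
USER_ORGS = {"alice": {"Europe"}}  # cf. User2OrganizationDO
USER_ROLE_ORGS = {  # user -> (role, organization) pairs (cf. User2Role2OrganizationDO)
    "alice": [("OrderViewer", "Europe"), ("UserAdmin", "ShopUS")],
}


def self_and_ancestors(org):
    """Yield org and then each parent up to the root (cycle-safe)."""
    seen = set()
    while org is not None and org not in seen:
        seen.add(org)
        yield org
        org = PARENT.get(org)


def covers(assigned_orgs, org):
    """True if org is one of assigned_orgs or a descendant of one."""
    return any(o in assigned_orgs for o in self_and_ancestors(org))


def out_of_scope_assignments(user):
    """Role assignments that lie outside the user's organizations (audit finding)."""
    scope = USER_ORGS.get(user, set())
    return [(r, o) for r, o in USER_ROLE_ORGS.get(user, []) if not covers(scope, o)]


def effective_permissions(user, org):
    """Permissions the user holds when acting in org."""
    scope = USER_ORGS.get(user, set())
    if not covers(scope, org):
        return set()  # the user does not "exist" in this organization
    perms = set()
    for role, role_org in USER_ROLE_ORGS.get(user, []):
        # Assumption: an assignment outside the user's organizations grants nothing.
        if covers(scope, role_org) and covers({role_org}, org):
            perms |= ROLE_PERMISSIONS.get(role, set())
    return perms
```

Running `out_of_scope_assignments` over every user is a quick review for role assignments that do not match the user's organization assignments.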

Reserved/Predefined Roles

The IOM initial database dumps come with two predefined roles:

  • FullOMTClient, which contains all permissions to use the back office, except for the user administration

  • FullPlatformAdmin, a selection of administrative permissions, like user management

These predefined roles should not be edited in the back office, as this can lead to inconsistencies with regard to (idempotent) configuration scripts.

Reserved/Predefined Users

The IOM initial database dumps come with two predefined users:

  • internal required: This is a required “dummy” user that is used internally, mainly to assign an owner to some batch processes.
    Do not modify or delete it. (This user will probably no longer be visible in a future IOM version.)

  • IOM Admin: This user has almost all permissions at all organizations and can be used to discover all features of the back office.

Consider deleting the user IOM Admin in production systems, or at least changing its default password. This user can be used to log in to the back office after an installation with the initial dump in order to define further users. Its initial password is ‘!InterShop00!’.
