Introduction
This document describes permissions and responsibilities for accessing and deploying Intershop Commerce Platform projects.
Note
The focus lies on post-go-live deployments. Deployments during the project phase are briefly mentioned at the end of this guide.
References
Glossary
| Term | Description |
|---|---|
| DEV | Development Team |
| ICM | Intershop Commerce Management |
| INT | Integration environment |
| IOM | Intershop Order Management |
| OPS | Operations |
| PRD | Production environment |
| PWA | Progressive Web App |
| UAT | User acceptance test environment |
Deployments
The following table lists responsibilities for deployments:
| Application/Module | INT | UAT | PRD |
|---|---|---|---|
| Intershop Commerce Management (ICM) | OPS/DEV | OPS/DEV | OPS1/DEV2 |
| Intershop Progressive Web App (PWA) | OPS/DEV | OPS/DEV | OPS |
| Intershop Order Management (IOM) | DEV | DEV | OPS |
1 Both, code and full deployments
2 Code deployment only
For details, refer to Guide - Intershop Commerce Platform Deployment Process (valid to 7.10) | Deployment Types.
Access Permissions
The following table on this page summarizes the access rights and restrictions for Intershop Commerce Platform projects:
| Application/Service | Subsection | Environment | Notes | ||
|---|---|---|---|---|---|
| INT | UAT | PRD | |||
| ICM | Storefront | OPS/DEV/CUSTOMER | |||
| Organizational Backoffice | (OPS)/DEV/CUSTOMER | ||||
| Operations Backoffice | OPS/DEV | OPS/DEV (new) | See Access to Operations Backoffice (PRD) | ||
| System Management Console (SMC) | OPS/DEV | OPS/DEV (new) | See Access to SMC (PRD) | ||
| SSH (to virtual machines) | OPS/DEV | OPS | |||
| Database | OPS/DEV1 | OPS | |||
| SolrCloud | Admin Frontend | OPS | |||
| IOM | Admin Console (OMT) | OPS | |||
| Database | OPS | ||||
| CI/CD services | Azure DevOps | OPS/DEV | OPS/DEV | OPS | |
Jenkins | OPS/DEV | OPS/DEV | OPS | Miscellaneous processes (deployments, restart web server or application server, synchronization processes, etc.) | |
| Logs | Shared File System (ICM) | OPS/DEV | |||
DB Credentials
1 The DB credentials for INT can be found in the orm.properties file. UAT (or any other NonPRD environments) DB credentials may be requested via service desk ticket on demand.
The connection to any NonPRD DB will be done via SSH connection to INT environment (app server). For further details see here: Guide - Intershop Commerce Platform Database Handling \ Connect To SQL Database
Newly introduced access options are marked accordingly.
For existing Intershop Commerce Platform projects, you can request the new access options via a ticket. Please name the main technical contact when creating a ticket.
Access to Operations Backoffice (PRD)
A main contact person (e.g., DEV lead engineer) of the implementation partner receives a dedicated user with appropriate authorizations. If required, this user may create additional users (maximum of three users).
Determinations:
- In general, the access option should be used for reading purposes ("read access").
- Beyond "read access" the user is allowed to perform the following activities:
- user management (add, update users, etc.)
- data replication status check
- data replication process creation
- manual starting of data replication process
- activate/deactivate services next to transport configurations
- enable/disable URL rewriting
- If these changes are expected to affect the operation of the platform in any way, the operations team should be informed in advance.
- Any other configuration changes must be agreed in advance with OPS (such as service configurations, etc.)
Taking action and making changes in the PRD operations back office may have a serious impact on the environment. Service failures caused by the implementation partner are the responsibility of the implementation partner and must be reported immediately. For reasons of traceability, user auditing is activated.
Access to SMC (PRD)
A main contact person (e.g. DEV lead engineer) of the implementation partner receives a dedicated user with appropriate authorizations. If required, he may create additional users (maximum of 3 users).
Determinations:
- In general, the access option should be used for reading purposes. ("read access")
- Beyond "read access" the user is allowed to perform the following activities:
- check the job status and configuration, as well as manual starting,
- manage process chains
- use the file browser (access log file and if necessary also sites or any other desired ICM directory),
- check active properties settings,
- use monitoring features (e.g. locking conflicts when executing jobs).
- If these changes are expected to affect the operation of the platform in any way, the operations team should be informed in advance.
- Any other configuration changes must be agreed in advance with OPS.
Taking action and making changes in the PRD SMC may have a serious impact on the environment. Service failures caused by the implementation partner are the responsibility of the implementation partner and must be reported immediately. For reasons of traceability, user auditing is activated.
The following must be considered when using the SMC:
Be careful with file downloads in SMC. The file browser should be used to download individual files only. The ZIP file feature should not be used.
No logging adjustments should be made.
No adjustments to the performance monitoring should be made.
No thread or heap dumps should be created.
During the Setup Phase
During the setup phase, before the shop is live, the changes on PRD are lot less critical. For this reason, the access to PRD for DEV is at that point similar to those on UAT. It means full access to Operations back office and System Management Console.
The switch between the access rights during the setup phase and those described above takes place at the end of the hyper care phase.
Restrictions
Intershop wants the best possible security for all components for a customer solution. Therefore, the sources and the build process as well as the build results must be located on the Intershop platform in the controlled Azure DevOps environment. It is not possible to operate container images, built outside of this environment.