When a user first accesses an e-commerce site and is browsing product pages, the user is running as a generic user. The generic user has a common user ID (-1002) that is used across the entire system. The use of a common user ID on the site minimizes system resource usage. Once the user performs an operation that requires a unique identity, for example, adding a product to the shopping cart, the user is converted from a generic user to a unique guest user. A guest user has a unique user ID, but no password. This user implicitly belongs to the Default Organization and does not have any roles in the site. Depending on the business model of the store, and the access control policies, the user may be able to do other operations on the site, for example, placing an order. Both the generic user and a unique guest user have the registration type of "G" (Guest user). If the guest user registers to the current store, then the user is converted to a registered user, and any assets that the guest user owned will now be owned by the registered user.

A registered user has a unique logon ID and password, and is required to provide some profile data for registration purposes. This user has registration type of "R" (Registered user). The user would typically have the Registered Customer role in the current store's organization. Other roles can be automatically assigned during registration by configuring the MemberRegistrationAttributes.xml file. If the user is later assigned the Site Administrator role, its registration type would be changed to "S" (Site Administrator). If the user is later assigned any other administrative role, for example, Customer Service Representative, the user's registration type would change to "A" (Administrator). Approval may be required for user registration, depending on the configuration of the parent organization. If approval is not needed, the user will automatically be in approved state. If approval is needed, the user will initially be in pending approval state. Once the registration has been processed, the user will be in approved, or rejected state. Only approved users can log into the site. If a user's registration is rejected, the user could try to register again. Registered users can be classified according to their profile type; that is, profile type B denotes a business user (or a B2B direct or value chain customer) and profile type of C denotes a retail user (or a consumer direct customer). It is recommended that business users belong to their appropriate organizational entity in the membership hierarchy instead of the Default Organization. This means that, when a business user registers, the organizational entity that the user belongs to should be specified. If it is not specified, WebSphere Commerce will default to using the Default Organization.