SETUSERACCESSRIGHTS
The SETUSERACCESSRIGHTS command is used to set, change, or remove a user's access rights. However, this command will not create or remove users from the WCSRealm you are using to authenticate users. Before using the SetUserAccessRights command, make sure the user has been added to the WCSRealm.
- Adding user access
- If you want to add a user's access rights, first add that particular user to the WCSRealm and then issue the SetUserAccessRights command.
- Removing user access
- If you want to remove the user's access rights, issue the SetUserAccessRights command first to remove the user's access rights and then remove the user from the WCSRealm.
| Required keywords | Value |
|---|---|
| ETAPIVERSION | "3" (Indicates WebSphere Commerce Payments-or predecessor product-API version: Version 2.1.x, 2.2.x, 3.1.x, 5.5.x, and 5.6.x) |
| MERCHANTNUMBER | String form of numeric merchant number. This keyword is required if any of the roles specified is merchant specific. Merchant number must be from 1 to 999999999. For users other than the Payments Administrator, multiple keyword-value pairs can be specified. |
| OPERATION | ASCII character string "SetUserAccessRights." |
| ROLE | String form of numeric value. |
| USER | ASCII character string with a maximum length of 40 bytes. (Note that a user may not update himself. That is to say, user "admin" may not call SETUSERACCESSRIGHTS with the user parameter set to "admin".) |
To set or change a user's access rights, specify the role and the merchant numbers on the command. To set or change a user's access rights such that the user has a role with multiple merchants, you must repeat the keyword-value pairs of the merchant number multiple times. The merchant numbers must be specified if any role given is merchant-specific and must not be specified if the role given is non-merchant-specific.
- If the Role parameter is not specified, this command can be used to remove a user's access rights. In which case, the WebSphere Commerce Payments will ignore the merchant numbers (even though they are specified in the command).
- A user may not update himself. That is to say, user "admin" may not call SETUSERACCESSRIGHTS with the user parameter set to "admin".
Access control rules for Merchant Administrators
Only the Payments Administrator and the Merchant Administrator can assign or change a user's permission (or role). The Payments Administrator can assign or change any user's access rights and can assign or change a user's role to whatever he wants that user's role to be, including the role of Payments Administrator. Whereas the Merchant Administrator can assign or remove a user as a Merchant Administrator, Supervisor, or Clerk, he cannot assign or change a user's permissions to that of Payments Administrator.