Membership hierarchy

Users and organizational entities within the Member subsystem are organized into a hierarchy. Generally this hierarchy mimics a typical organizational hierarchy, with entries for organizations and organizational units, and entries for users in the leaf nodes. The hierarchy includes artificial organizational entities created specifically to support access control.

The following diagram shows a sample membership hierarchy:

This image shows the organizational hierarchy of users and organizational entities in the member subsystem, beginning with the root organization at the top and other entities such as seller organizations, buyers, users, and stores below.

The entries in the hierarchy are as follows:

Root Organization
The Root Organization is at the top level of the organization and is its own parent. All organizations in WebSphere Commerce organization structure are descendants of the Root Organization. The Root Organization owns site level access control policy groups and their associated policies, and is automatically assigned all roles included in the WebSphere Commerce product. The MEMBER_ID value for the Root Organization is -2001. This value should not be changed.
Default Organization
Under the root is the Default Organization, and organizational entities that represent the seller and buyer organizations in the WebSphere Commerce system. When a user registers and does not identify an organizational entity to which the user belongs, the Default Organization will be used. All guest customers and customers in consumer direct businesses are created under the Default Organization. It is recommended that when a business user (with profile type B) registers that the business user identify the appropriate organizational entity that he belongs to instead of defaulting to the Default Organization. The parent member of a user is the immediate organizational entity to which the user belongs. A user can specify his parent organizational entity during registration. If he does not specify his parent organizational entity, the Default Organization will be used the parent. The MEMBER_ID value for the Default Organization is -2000. This value should not be changed.
Note the following considerations about the Default Organization:
  • OrgAdminConsole: This tool to manage business users and administrators does not list users under the Org -2000 (Default Org), or allow users to be created under the Default Org, since it assumes that is where B2C Shoppers (and guest users) are kept. Accelerator can be used to manage B2C shoppers.
  • Access Control: By default, Default Org (-2000) subscribes to GuestShopperManagementPolicyGroup which allows for some administrators (regardless of where they play their role) to manage the users under the Default Org. Guest users are implicitly owned by the Default Organization (-2000), when an access control check is done on this type of user, since guest users do not exist in the MBRREL table.
  • MemberRegistrationAttributes.xml: By default, it has configurations that assume the Default Org DN.
  • UserRegistrationAdd command: If no parentMember is specified (for example, the B2C scenario), the user will be placed under the Default Org.
Sub-organizational entities
One or more other levels of organizational entities can exist beneath the parent organizational entities. An administrator can add as many child organizational entities as necessary to support their business.
Each organizational entity can have multiple users. Each user can belong to only one organizational entity.

WebSphere Commerce ProfessionalWhen you create a WebSphere Commerce user, you create do so by creating a profile for the user, using the Organization Administration Console. In this case, users are created as part of the Seller Organization, whereas users that register without identifying an organizational entity to which they belong, the Default Organization is used. Guest customers are also created under the Default Organization.

WebSphere Commerce Enterprise When you create WebSphere Commerce users or customers, you can create them under an organization of your choice. Guest customers are automatically created under the Default Organization. Registered users can be classified according to their profile type: profile type B denotes a business user (or a B2B direct or B2B indirect customer) and profile type of C denotes a retail user (or a consumer direct customer). It is recommended that business users belong to their appropriate organizational entity in the membership hierarchy instead of the Default Organization; that is, when a business user registers, the organizational entity that the user belongs to should be specified, otherwise WebSphere Commerce will default to using the Default Organization.

Note that an organizational entity is typically an organization, such as "IBM", whereas an organizational unit is within an organization, such as "Electronic Commerce Division".

The MBRREL table stores membership hierarchy information, and must be populated for every user and organizational entity. The MBRREL table only contains entries for registered users. Guest customers always have the Default Organization as their parent organizational entity. The members that are above a user or organizational entity in the membership hierarchy are referred to as the ancestors of that user or organizational entity. The immediate ancestor is also referred to as the parent. The relationship of the user to its parent organizations is defined in the MBRREL table and also mirrored in the DN for the user.