Administrator authority to act for a registered customer

An administrator can act on behalf of a registered customer for multiple requests in a session by running the RunAsUserSetInSession URL. If an administrator has the required authority to act on behalf of a registered customer, the administrator can assume that customer's identity for all subsequent requests. By default, an administrator acting on behalf of a registered customer can perform all actions that the registered customer can perform. While acting on behalf of a registered customer, the administrator cannot run any administrative commands.

After the RunAsUserSetInSession URL has successfully switched the administrator's identity to the identity of a registered customer, HCL Commerce does the following:

  • Sets the user ID associated with the current request to the specified customer's ID.
  • Causes the command context to recompute values such as the customer's active organization.
  • Causes all subsequent commands (until the switch is reversed) to include the customer's identity and active organization in the administrator's session information.
  • During every subsequent request, extracts the customer's identity and active organization from the administrator's session.

Before allowing the administrator to run a command under the customer's identity, HCL Commerce verifies that the administrator is authorized to do so, as follows:

  1. Checks that the customer is registered in the administrator's authorization domain.
  2. Checks that the command is defined in the forUser access control policies.
  3. Checks that the customer can execute the command.

To switch back to his or her original identity, the administrator runs the RestoreOriginalUserSetInSession URL. This removes the customer's information from the administrator's session and restores the administrator's session information to the state prior to switching to the customer's identity.
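
The following added example is a simplified model of the switch, the three per-command checks, and the restore described above. It is not HCL Commerce code: the function names, command names, and policy data are hypothetical and constructed for illustration.

```python
# Simplified model of the flow described above; not HCL Commerce code.
# Every name and data value below is hypothetical and constructed.
from dataclasses import dataclass
from typing import Optional

ADMIN_DOMAIN = {"admin1": {"orgA"}}                 # admin -> orgs in its authorization domain
CUSTOMER_ORG = {"cust1": "orgA", "cust2": "orgB"}   # registered customer -> organization
FOR_USER_POLICY = {"UpdateAddress", "ApproveQuote"} # commands listed in forUser policies
CUSTOMER_CMDS = {"cust1": {"UpdateAddress", "ViewLogonPage"}}
ADMIN_CMDS = {"EditCatalog"}

@dataclass
class Session:
    admin_id: str
    for_user: Optional[str] = None     # customer identity held in the admin's session
    active_org: Optional[str] = None   # recomputed when the identity is switched

def in_domain(admin_id, customer):
    return CUSTOMER_ORG.get(customer) in ADMIN_DOMAIN.get(admin_id, set())

def run_as_user(s, customer):
    """Models RunAsUserSetInSession: switch only if the admin has authority."""
    if not in_domain(s.admin_id, customer):
        return False
    s.for_user, s.active_org = customer, CUSTOMER_ORG[customer]
    return True

def restore_original_user(s):
    """Models RestoreOriginalUserSetInSession: drop the customer's information."""
    s.for_user = s.active_org = None

def authorize(s, command):
    """Per-request decision: (allowed, effective user or refusal reason)."""
    if s.for_user is None:                        # no switch in effect
        return (command in ADMIN_CMDS, s.admin_id)
    if command in ADMIN_CMDS:
        return (False, "administrative command refused while switched")
    if not in_domain(s.admin_id, s.for_user):
        return (False, "check 1: customer outside administrator's domain")
    if command not in FOR_USER_POLICY:
        return (False, "check 2: command not in forUser policies")
    if command not in CUSTOMER_CMDS.get(s.for_user, set()):
        return (False, "check 3: customer cannot execute the command")
    return (True, s.for_user)
```

When auditing a deployment, the cases worth exercising are the refusals: a customer outside the administrator's domain, a command the customer can run but that is absent from the forUser policies, and an administrative command attempted while the switch is in effect.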

Note that in the current release of HCL Commerce there are no user interfaces to support this feature.