Configuring Staff Roles

You can provide access to sensitive data to only those staff members who need it to do their job. You can regulate the access using the following privileges:

  • View Sensitive Account Information in CCPv2 in Operations
  • ACCESS_SENSITIVE_PERSONAL_DATA in Billing

Staff members granted with a role containing such privilege will be able to see the personal and sensitive information of all your users when viewing the data in the Provider Control Panel or impersonating a user. To staff members not granted with such privilege, sensitive information will be masked with asterisks, and the rest of the personal information will be displayed. However, if a non-privileged staff member opens a form with a user's personal information, the member will not be able to submit it (for example, a Place Order form).

These privileges also regulate the access to a user's sensitive data when performing XML RPC or REST API requests. If a read-only request is performed on behalf of a user with insufficient privileges, the user's personal data in the response will be masked. Requests to modify data, if called on behalf of a user with insufficient privileges, will be declined by the system.

Important: To preserve CloudBlue Commerce behavior during GDPR deployment and configuration, the privileges specified above are included in all roles in the system by default. Remember to remove the privilege from any roles that do not require access to personal data.

To enable or disable the privilege in an Operations role, do the following:

  1. In the Operations Control Panel, go to System > Settings and click Security.
  2. Click the role you want to modify.
  3. Open the Privileges tab and click Edit.
  4. Locate the View Sensitive Account Information in CCPv2 privilege and select the box to enable the privilege in the role, or clear the box to disable it.
  5. Click Submit to apply the changes.

To enable or disable the privilege in a Billing role, do the following:

  1. In the Billing Control Panel, go to System > Settings and click Security.
  2. Click the role you want to modify.
  3. Open the Privileges.
  4. To add the privilege to the role:
    1. Click Attach New Privilege.
    2. Locate the ACCESS_SENSITIVE_PERSONAL_DATA privilege in the list and select its box.
    3. Click Attach.

  5. To remove the privilege from the role:

    1. Locate the ACCESS_SENSITIVE_PERSONAL_DATA privilege in the list and select its box.
    2. Click Detach.

© 2024 Ingram Micro, Inc. All Rights Reserved. Privacy Policy, Terms of Use and Legal