The document outlines the role and record-based security features of Hitachi Solutions' eCommerce platform, emphasizing multi-tenant user management and the assignment of various roles to enhance collaboration among customer service representatives (CSRs). It details ten primary roles with specific access levels for different modules, as well as the responsibilities of security administrators in managing user access. The document also highlights security features such as audit trails, PCI compliance, and restricted access to organizational setup options.

1. © Hitachi Solutions. 2015. All rights reserved.
Role & Record
Based Security with
Hitachi Solutions
Ecommerce

2. © Hitachi Solutions. 2015. All rights reserved.
Contents
1. Feature Overview
2. Types of roles in the Manager Panel
3. Assign roles to individual users
4. Assign channels and companies
5. View and edit profile details
6. Restricting ‘Write’ access to Manager Panel records
7. Security features
8. Restricted access to fundamental organization setups
9. Accessing organization menus
2

3. © Hitachi Solutions. 2015. All rights reserved.
Feature overview
• Multi-tenant User Management - A security manager can assign various companies, channels and
records that a CSR can access along with individual roles in the Manager Panel. This helps improve
collaboration between CSRs across different channels for a multi-tenant merchant.
• Intuitive User Interface - The Manager Panel UI is user friendly and allows the Security Manager to
create new users/CSRs and assign them business roles with a single click.
• PCI - PADSS Compliant - Payment gateway configurations are accessible only to authorized ‘Payment
Managers’ as per PCI-PADSS 2.0 standards. Audit trail logs that track all CSR activities are maintained in
the Manager Panel as well.

4. © Hitachi Solutions. 2015. All rights reserved.
The Manager Panel user/CSR’s activities in the Manager Panel are defined by the roles assigned to him by the Security Administrator. Ten primary
roles have been created that segregate activities based on the different modules in the Manager Panel. A merchant can request for additional roles to
be created as per his business needs. Roles based security allows users belonging to partner legal entities such as dealers or franchise retailers to
login to the Manager Panel to service their orders directly.
Types of roles in the Manager Panel
Role Description
Catalog Manager This role has read and write access to the Catalog
Module.
Content Manager This role has read and write access to edit virtual
pages, content blocks, content groups and articles.
Customer Manager This role has read and write access to the
Customer Module.
Marketing Manager This role has read and write access to the
Marketing Module.
Operation Manager This role enables operations on the Integration
Related Screen.
Returns Manager This role has read and write access to the Returns
Module.
Sales Manager This role has read and write access to the Sales
Module.
Security Administrator This role has read and write access to the
Manager Panel User Security Module.
Setup Manager This role has read and write access to the Setup
Module.
Payment Manager This role has read and write access to the Online
Payment Account Configuration Module.

5. © Hitachi Solutions. 2015. All rights reserved.
The Security Administrator is authorized to create new users/CSRs via the security module and assign them specific roles that determine their levels of
access to the various modules in the Manager Panel. These roles can be modified at any time.
Security Administrator assigns roles to individual users

6. © Hitachi Solutions. 2015. All rights reserved.
Multi-tenant merchants can provide CSRs access to multiple channels and/or companies they operate. These authorizations can be modified at the
security administrator’s discretion.
Assign channels and companies

7. © Hitachi Solutions. 2015. All rights reserved.
Every user/ CSR has access to his own account and can edit his profile information such as name, designation, and ERP & CRM sales rep IDs as used
in the corresponding ERP & CRM solutions. The user cannot modify the roles, channels or companies assigned to him by the Security Manager.
View and edit profile details

8. © Hitachi Solutions. 2015. All rights reserved.
8
Based upon the roles assigned to him, a CSR would have Read, Write & Full Access to the various modules in the Manager Panel. For examples, if a
CSR is assigned the role of Sales Manager, he would have complete access to the sales module and would be able to place orders, quotes, manage
invoices, create payments etc.
Assigned role determines access to Manager Panel records

9. © Hitachi Solutions. 2015. All rights reserved.
If a CSR has not been assigned a particular role in the Manager Panel, then he would have only Read access to that module. This means that he would
not be authorized to make any changes, or use any of the features in that particular module. By providing only Read access the merchant continues to
ensure information sharing and collaboration between the CSRs, while guaranteeing data security for that module.
Restricting ‘Write’ access to Manager Panel records

10. © Hitachi Solutions. 2015. All rights reserved.
10
A detailed record of all user activity is maintained in the Audit Logs in the
Security module and accessible to the Security Manager and
Organization Administrator as required. The reports can be downloaded if
necessary. This feature ensure compliance with PCI 3.0 standards.
User activity record Restricted access to security policies
The security policies related to all security parameters in the Manager
Panel can be accessed and managed only by the Organization
Administrator or the default Security Administrator. Only they can edit
the login and password policies that govern your web store.
Security features

11. © Hitachi Solutions. 2015. All rights reserved.
Only the Organization Administrator and Security Administrator (created during the initial organization creation) are provided access to the basic organization set
ups in the Manager Panel. Only these users can create new organizations, and modify the URL master and the security setups. These parameters can be
modified as per the merchant’s business requirements.
Restricted access to fundamental organization setups

12. © Hitachi Solutions. 2015. All rights reserved.
The Organization Administrator or the Security Administrator authorized to access the organization menus described in the previous slide, can access
the same by clicking on the organization link in the footer of the Manager Panel.
Accessing organization menus

13. © Hitachi Solutions. 2015. All rights reserved.
Thank You.