User registration approval flow
WebSphere Commerce member data is stored in one of two repository types: the WebSphere Commerce database, the directory server.
The Site Administrator configures the system to register users and organizational entities using one of these repositories.
You can customize the registration process by using the properties files included in WebSphere Commerce. The properties files allow you to configure optional and mandatory fields. You can also specify which information is enabled for multiple languages. For more information about the properties files, see Sample: Member subsystem properties files.
By default approval is required for all users except those that are created under the Default Organization. Approval is not required in the following instances:
- site administrator registers organizational entities
- creating member groups
- updating information for existing members
Once a member group is created, its owner cannot be changed.
During user registration, if a parent organizational entity is not specified, the parent defaults to the Default Organization. During registration of new organizational entities, if a parent organizational entity is not specified, the parent defaults to the Root Organization. Once an organizational entity is created, its name cannot be changed. Its unique identifier also cannot be changed.
Associated with each registered user and organizational entity is a unique identifier.
- If directory server is used as the member repository, the unique identifier is the distinguished name (DN) of the member in the directory server.
- If the WebSphere Commerce database is used as the member repository, the unique identifier
is also in the format of the DN as follows:
uid=logonIdvalue
followed by the DN of the user's parent organizational entity.
For example, if the WebSphere Commerce database is used as the member repository, and there
is a registered user with logonId JohnSmith
, and he has specified that he belongs
to the Software Division (an organizational unit) within the IBM organization during his
registration, then his unique identifier would be uid=JohnSmith, ou=Software Division,
o=IBM, o=Root Organization
. Warning: the values which form the various parts of the DN are
case-sensitive in the case when the database is used as member repository.
A single approval flow for user registration is shipped with WebSphere Commerce. By default, this single approval flow supports one level of approval. If this flow is modified, all organizational entities that want user registration approval will be affected. Each organizational entity has the freedom to select whether it wants approval by owning approver groups.
To use approvals, you must create approver groups, which are owned by the organizational entities. Approver groups are member groups. For example, an organizational entity may own three approver groups: user registration approval, order approval, and contract approval.
By default, if a user registration is rejected, the rejected user will not be able to log onto WebSphere Commerce. Users whose registration is pending approval not be able to log on until they have been approved.
From a security perspective, as far as indicating whether an organizational entity wants approval, the following apply:
- The existence of an approver group indicates that the organizational entity wants approval. For example, if an organizational entity wants user registration to be approved, it should own an appropriate user registration approver group.
- The membership hierarchy will be climbed when the system looks for an approver group. This saves administrative effort in that there is no need for one approver group to be defined for each level of the organizational hierarchy.
- The logic from the WebSphere Commerce approvals component supports any organization to overwrite the parent organization's decision regarding approvals.
To allow an organization to override the parent organization's approval requirement, the disable member groups are included in the list of approval levels for an organization. The Site Administrator can open the Organization Administration Console, select to view all organizations. From this list, the Site Administrator can select an organization and click Approval to view a list of approval groups for the organization and select approval groups from this list and move them to the Selected roles list. The default available approval groups are as follows:
- Contract Submit Approvals
- Order Process Approvals
- RFQ Response Approvals
- User Registration Approvals
- Reseller Registration Approvals
- DisableInherited Contract Submit Approvals
- DisableInherited Order Process Approvals
- DisableInherited RFQ Response Approvals
- DisableInherited User Registration Approvals
- DisableInherited Reseller Registration Approvals
By default, the root organization has the User Registration Approvals group added to the Selected roles list and the default organization has the DisableInherited User Registration Approvals group added to the Selected roles list. The implication of this default setting is as follows:
-
A user registering to any organization except the default organization requires approval, unless this organization explicitly disables the approval.
-
A user registering to the default organization does not require approval.