
Users, Roles, and Permissions

Essential knowledge

Authors:

Randy Chan, Esma Tuzovic, Cille Schliebitz, Holger Lierse, Ben Harrison

Changed on:

6 May 2024

Overview

The Fluent platform provides a comprehensive user role management system, allowing for the assignment of diverse permissions via roles to regulate platform access and functionalities. Custom roles can be created and fine-tuned, ensuring users only have access to appropriate functionality and data. The system provides flexibility to specify the scope for a role at different context levels, such as Accounts, Retailers, and Locations.

Key points

  • A role can be assigned to multiple users, and a user can be assigned multiple roles.
  • Permissions are granular access controls and protect every GraphQL or REST API operation. GraphQL permissions follow specific naming conventions.
  • Context plays a pivotal role in access levels, allowing users to have role-based access to data for specific Accounts, Retailers, or Locations.

Users

The Fluent platform comes with user role management, which defines the actions a user can undertake, such as modifying a workflow or editing a location. To configure a user, permissions must be assigned to roles, and then roles must be assigned to users at a specific context level. Users may be assigned one or multiple roles at different context levels.


User types 

The `Type` field on a user represents the nature of the user. For example, a user with type API indicates that the user is used by an external system to integrate with the Fluent Commerce platform. Ultimately, the roles assigned to the user define what access that user has, regardless of the user type. For more information on user types, see Users Configuration Overview.

Permissions 

A permission represents a single access right. Permissions follow a naming convention of NOUN_VERB (e.g. ORDER_UPDATE). They allow users to perform specific actions on an entity, such as VIEW, CREATE, and UPDATE. For example, the ORDER_UPDATE permission allows a user to edit the Order entity.

Permissions are assigned to roles, enabling the role to perform specific actions. The list of permissions defined by the Fluent platform can be found in the GraphQL Permissions list.

GraphQL Permissions

Permissions currently protect every GraphQL operation:

  • Query permissions on entities follow an <ENTITY>_VIEW naming convention.
    Example:
    • The orders query is protected by the ORDER_VIEW permission
  • Mutation permissions on entities follow the <ENTITY>_CREATE and <ENTITY>_UPDATE naming conventions for create and update mutations, respectively.
    Examples:
    • The updateOrder mutation is accessed via the ORDER_UPDATE permission.
    • The createOrder mutation is accessed via the ORDER_CREATE permission.

Roles 

A role is a collection of permissions that can apply to a User in a given Context. Users can be assigned one or multiple roles. Roles can be created using a GraphQL mutation or in the OMS web apps. For more on Role creation and editing within OMS web apps, consult How to create and edit a Role.

Some `ROLE` names are fixed values such as GRAPHQL, ADMIN, and STORE_ASSISTANT. However, you can also define your own Role names, e.g. FINANCE_USER.

A set of roles comes with every account. This is how you retrieve them:

# Returns each role's name and the permissions attached to it
{
    roles(first:1000){
        edges{
            node{
                name
                permissions{
                    name
                }
            }
        }
    }
}
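A response to the roles query can be turned into a role-to-permission matrix for a least-privilege review. The following is an added example, not Fluent's own code: the sample response is constructed, only the ORDER_* permissions come from this page, and the helper names and the camelCase-to-UPPER_SNAKE mapping for multi-word entities are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the shape the roles query returns. Only the ORDER_*
# permissions are named on this page; the other permission names are made up.
SAMPLE = {"data": {"roles": {"edges": [
    {"node": {"name": "ADMIN", "permissions": [
        {"name": "ORDER_VIEW"}, {"name": "ORDER_CREATE"}, {"name": "ORDER_UPDATE"}]}},
    {"node": {"name": "STORE_ASSISTANT", "permissions": [
        {"name": "ORDER_VIEW"}, {"name": "FULFILMENT_OPTION_VIEW"}]}},
    {"node": {"name": "FINANCE_USER", "permissions": [
        {"name": "ORDER_VIEW"}, {"name": "legacy-export"}]}},
]}}}

PERMISSION = re.compile(r"^([A-Z][A-Z0-9_]*)_([A-Z]+)$")   # NOUN_VERB
MUTATION = re.compile(r"^(create|update)([A-Z][A-Za-z0-9]*)$")


def mutation_permission(mutation_name):
    """updateOrder -> ORDER_UPDATE, per the convention; None if no match."""
    m = MUTATION.match(mutation_name)
    if not m:
        return None
    # camelCase entity -> UPPER_SNAKE (assumed for multi-word entity names)
    entity = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", "_", m.group(2)).upper()
    return f"{entity}_{m.group(1).upper()}"


def audit_roles(response):
    """Return ({role: {entity: verbs}}, [(role, name not shaped NOUN_VERB)])."""
    matrix, odd = {}, []
    for edge in response["data"]["roles"]["edges"]:
        role, grants = edge["node"]["name"], defaultdict(set)
        for perm in edge["node"].get("permissions") or []:
            m = PERMISSION.match(perm["name"])
            if m:
                grants[m.group(1)].add(m.group(2))
            else:
                odd.append((role, perm["name"]))
        matrix[role] = dict(grants)
    return matrix, odd


def roles_allowing(response, mutation_name):
    """Roles whose permissions cover the given create/update mutation."""
    needed = PERMISSION.match(mutation_permission(mutation_name) or "")
    matrix, _ = audit_roles(response)
    return sorted(r for r, g in matrix.items()
                  if needed and needed.group(2) in g.get(needed.group(1), ()))
```

Names returned in the second list do not have the NOUN_VERB shape and need a manual look before a role is approved.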

Custom Roles

You can also create your own custom roles to fit your unique business requirements, either in the OMS Webapp (consult the Role Creation and Editing Mutations article) or via a GraphQL mutation. Here is an example:

mutation createRole {
    createRole (
        input: {
            name: "${role}",
            permissions: [
                {name:"${name}"}
                ...
            ]
        }
    ) {
        id
        name
    }
}


User management

When a user has the ROLE_MANAGER and the USER_MANAGER roles assigned at the ACCOUNT context level, they can perform user management tasks.

Users who have these roles assigned are allowed to perform the following actions:

  • SEARCH and LIST users.
  • ADD new users.
  • MODIFY existing users.

Check the above "Viewing all permissions" callout to see all available User permissions.  

Configuration 

You can configure Users (create, add, and delete) via SSO (using a Corporate IDP Integration) or directly in the User admin section in the Fluent OMS app (read User Configuration Overview to learn more). However, Roles & Permissions are currently managed via Fluent, unless you decide to use the Fluent-supported SCIM Connector. Learn about Exploring Roles & Permissions via the UI.

Configuring permissions for Fluent Apps

Relationship between Users, Roles, and Context

  • User management provides the capability to control who has access to the Fluent platform.
  • A user can have multiple roles, and each of these roles may be associated with a context, which can be the account, any retailer, and/or any location within the account. 
  • Context applies all the Roles for a User at a specific level. For example, you can restrict a User's access to an Account, a Retailer (where you only want access to a specific brand/retailer), or a Location (where a store operator only needs Fluent Store access to the Store where they are operating).
Example 1: Giving admin access to a Retailer
  • Admin User A1 can access Retailer 1 data
Example 2: Giving admin access to multiple Retailers
  • Admin User A2 can access Retailer 1 & Retailer 2 data
  • The context switcher allows the filtering of some data by Retailer
Example 3: Giving store access to multiple Locations
  • Store User S1 can access Retailer 1 and Location 1 and 2 data
  • The context switcher allows filtering by retailer-specific data (`fulfilments` only)
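The context examples above and the user-management condition (ROLE_MANAGER and USER_MANAGER at ACCOUNT context) can be checked together in an access review over role assignments. This is an added example, not Fluent's own code: the record shape, the user U1, the extra A2 row, the context ids and the function names are assumptions, and no inheritance between context levels is modelled.

```python
from collections import defaultdict

# Constructed assignments (user, role, context type, context id). A1, A2 and S1
# follow the three examples above; U1, the extra A2 row, the record shape and
# the context ids are assumptions made for this example.
ASSIGNMENTS = [
    ("A1", "ADMIN", "RETAILER", "1"),
    ("A2", "ADMIN", "RETAILER", "1"),
    ("A2", "ADMIN", "RETAILER", "2"),
    ("A2", "USER_MANAGER", "RETAILER", "1"),
    ("S1", "STORE_ASSISTANT", "LOCATION", "1"),
    ("S1", "STORE_ASSISTANT", "LOCATION", "2"),
    ("U1", "ROLE_MANAGER", "ACCOUNT", "0"),
    ("U1", "USER_MANAGER", "ACCOUNT", "0"),
]
USER_ADMIN_ROLES = {"ROLE_MANAGER", "USER_MANAGER"}


def scopes(assignments, user):
    """Map each of the user's roles to the contexts it is assigned at."""
    out = defaultdict(list)
    for who, role, ctx_type, ctx_id in assignments:
        if who == user:
            out[role].append((ctx_type, ctx_id))
    return {role: sorted(ctxs) for role, ctxs in out.items()}


def can_manage_users(assignments, user):
    """True when both user-admin roles are held at ACCOUNT context."""
    held = {role for role, ctxs in scopes(assignments, user).items()
            if any(t == "ACCOUNT" for t, _ in ctxs)}
    return USER_ADMIN_ROLES <= held


def review(assignments):
    """Findings for an access review, sorted by user."""
    findings = []
    for user in sorted({a[0] for a in assignments}):
        by_role = scopes(assignments, user)
        if can_manage_users(assignments, user):
            findings.append((user, "can manage users (ACCOUNT context)"))
        elif USER_ADMIN_ROLES & set(by_role):
            findings.append((user, "user-admin role without the full ACCOUNT pair"))
        retailers = {i for ctxs in by_role.values()
                     for t, i in ctxs if t == "RETAILER"}
        if len(retailers) > 1:
            findings.append((user, "spans retailers " + ",".join(sorted(retailers))))
    return findings
```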



Copyright © 2024 Fluent Retail Pty Ltd (trading as Fluent Commerce). All rights reserved. No materials on this docs.fluentcommerce.com site may be used in any way and/or for any purpose without prior written authorisation from Fluent Commerce. Current customers and partners shall use these materials strictly in accordance with the terms and conditions of their written agreements with Fluent Commerce or its affiliates.
