WebSphere Commerce deployment checklist: Access control

Is access control on commands and on JSP pages applied appropriately?

Is access to administration tools (WebSphere Commerce Accelerator, Administration Console and Organization Administration Console) outside the firewall properly configured, or disabled?

Are the right subset of roles assigned to the right set of administrators? Do any passwords need to be reset?

During testing, you may have used a user assigned the Site Administrator or Seller role, but as the system is rolled out to specific users for specific roles, make sure they have been assigned only the roles they are allowed to perform.