Administrator authority to act for a registered customer

An administrator can act on behalf of a registered customer for multiple requests in a session by running the RunAsUserSetInSession URL. If an administrator has the required authority to act on behalf of a registered customer, the administrator can assume the identity of that customer for all subsequent requests. By default, an administrator acting on behalf of a registered customer can perform all actions that the registered customer can perform. While acting on behalf of a registered customer, the administrator cannot run any administrative commands.

After the RunAsUserSetInSession URL has successfully switched the administrator's identity to the identity of a registered customer, WebSphere Commerce does the following:

Before allowing the administrator to run a command under the customer's identity, WebSphere Commerce ensures that the administrator has proper authorization to do so as follows:

  1. Checks if the customer is registered in the administrator's authorization domain.

  2. Checks that the command is defined in the forUser access control policies.

  3. Checks to see if the customer can execute the command.

To switch back to his or her original identity, the administrator runs the RestoreOriginalUserSetInSession URL. This removes the customer's information from the administrator's session and restores the administrator's session information to the state prior to switching to the customer's identity.
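The following Python sketch models the switch, the three per-command checks, and the restore described above. It is an added example, not WebSphere Commerce code: every function name, command name, and data value in it is hypothetical and constructed for illustration, and the audit record is an addition of the sketch rather than behavior the page documents.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data; every name here is hypothetical, not a WebSphere Commerce API.
FOR_USER_POLICY = {"OrderItemAdd", "AddressUpdate"}   # commands named in forUser policies
ADMIN_COMMANDS = {"PolicyEdit"}                       # administrative commands
CUSTOMER_DOMAIN = {"cust1": "storeA", "cust2": "storeB"}
CUSTOMER_COMMANDS = {"cust1": {"OrderItemAdd", "OrderCancel"}, "cust2": {"OrderItemAdd"}}

@dataclass
class Session:
    admin: str
    admin_domains: set
    context: dict = field(default_factory=dict)
    acting_for: Optional[str] = None
    saved_context: Optional[dict] = None
    audit: list = field(default_factory=list)

def run_as_user(s, customer):
    """Model of the identity switch: keep the admin's context so it can be restored."""
    s.saved_context = dict(s.context)
    s.context = {"user": customer}
    s.acting_for = customer

def restore_original_user(s):
    """Model of the restore: drop the customer's data, return to the saved state."""
    if s.acting_for is not None:
        s.context, s.saved_context, s.acting_for = s.saved_context, None, None

def authorize_for_user(s, command):
    """Return (allowed, reason) for a command run under the customer's identity."""
    if s.acting_for is None:
        raise ValueError("session is not acting on behalf of a customer")
    if command in ADMIN_COMMANDS:
        result = (False, "administrative command while acting for customer")
    elif CUSTOMER_DOMAIN.get(s.acting_for) not in s.admin_domains:
        result = (False, "customer outside administrator's domain")
    elif command not in FOR_USER_POLICY:
        result = (False, "command not in forUser policies")
    elif command not in CUSTOMER_COMMANDS.get(s.acting_for, set()):
        result = (False, "customer cannot execute command")
    else:
        result = (True, "allowed on behalf of customer")
    # Record both identities so actions taken for a customer stay attributable to the admin.
    s.audit.append((s.admin, s.acting_for, command, result[0]))
    return result
```

Each denial carries the check that failed, which makes it straightforward to confirm that a command the customer may run is still refused when it is absent from the forUser policies.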

Note that in the current release of WebSphere Commerce there are no user interfaces to support this feature.

