Defining user permissions and roles

As a IBM® Sterling Intelligent Promising user, you can define user permissions while adding a new user by using the Order Hub UI. Based on the defined user permissions, you can grant or revoke access to various pages on Order Hub UI.

If you are using an Order Management System other than Sterling Order Management System, you can implement an API endpoint to define user permissions.

If you are using Sterling Order Management System, you can use the Applications Manager to define user permissions. For more information, see Adding users.
Note: To connect the Order Hub UI to an Order Management System, see Configuring the UI to receive inventory data.

User roles

By default, IBM provides two roles that control the pages that a user can access in the user interface. Users that have access to the page also have permission to all actions within the page.

Tenant administrator
User is responsible for tenant administration tasks such as system configuration and user management.
Has access to all pages and actions in the Settings menu, including the following settings:
  • Alerts
  • Distribution groups
  • Configurations
  • User roles
Fulfillment manager
User is responsible for performing inventory tasks.
Access to all inventory pages and some pages within the Settings menu.
  • Inventory
  • Settings
    • Distribution groups

Defining user permissions

To define user permissions, you can either add new users or edit existing users.
Note: Log in to Order Hub UI at https://www.supply-chain.ibm.com.
By default, you can define 3 types of permissions to a IBM Sterling Intelligent Promising user. You can define one or more of the following permissions to a new or an existing user.
Fulfillment manager (view only)
This permission enables users to only view inventory-related pages on Order Hub UI but cannot perform related actions.
Fulfillment manager
This permission enables users to view and perform inventory-related actions. The users with this type of permission can access all inventory-related pages and Distribution groups pages from the Settings menu.
Tenant administrator
This permission enables users to perform tenant administration and user management tasks. The users with this type of permission can access all pages from the Settings menu.
Note: For Order Management System and Sterling Intelligent Promising customers, the user role permissions are managed from Order Management System user/group settings.

Creating a customer endpoint to define user permissions

If the existing roles are not appropriate for your needs or you want to limit access to the actions within the page, you can create a custom endpoint to define user permissions. With custom user permissions, you can grant or revoke access to all pages and actions within the user interface. For example, you might want to allow a user to transfer inventory but deny the ability to adjust safety stock.

Note: You cannot create custom user permissions for the Configuration and User roles menu. For users that need access to these pages, assign the user the Tenant administrator role in the user interface. For more information, see Adding users.

getResourcesForUser API

The user interface calls the getResourcesForUser API whenever a user logs in. You can implement this API endpoint to return all the permissions (pages and actions) that you want to grant to the user.

API request payload

This example shows a sample request from the user interface.
{
    "ApplicationCode": "buc",
    "Loginid": <user_email_id>
}

This example shows an API end point that you need to implement: <oms_end_point>/restapi/invoke/getResourcesForUser

API response payload

Each page an action has a unique ResourceId. Ensure that the response payload contains only the objects with the ResourceId that you want the user to have access to. Use the following JSON sample responses as a reference.
  • The getResourcesForUser_full response grants permissions to all the pages and actions within the Inventory and Settings menus:
  • The getResourcesForUser_settings response grants permissions to all pages and actions within the Inventory menu but only the Settings > Distributions groups page in the Settings menu.
  • The getResourcesForUser_transfer response grants permissions to all view all pages within the Inventory menu, but only the ability to complete the Transfer inventory action. This response revokes the ability to Adjust safety stock or Set fulfillment options.

ResourceID reference list for Inventory menu

  • Inventory page:
    • Search for inventory option: BUCINV0010
      • Search results page: BUCINV0002
      • View details action: BUCINV0002AT0001
      • Adjust safety stock action on the search results page: BUCINV0002AT0002
      • Set fulfillment options action on the search results page: BUCINV0002AT0003
      • Transfer inventory action on the search results page: BUCINV0002AT0004
    • Search for inventory audits option: BUCINV0009
      • View details action: BUCINV0010AT0001
    • Item details page: BUCINV0003
      • View details action: BUCINV0003AT0001
      • Adjust safety stock action: BUCINV0003AT0002
      • Set fulfillment options action: BUCINV0003AT0003
      • Transfer inventory action: BUCINV0003AT0004
      • Summary tab: BUCINV0003IP0001
      • Filter action: BUCINV0003IP0002
      • Nodes tab: BUCINV0003IP0003
    • SKU details page: BUCINV0004
      • Adjust safety stock action: BUCINV0004AT0001
      • Set fulfillment options action: BUCINV0004AT0002
      • Transfer inventory action: BUCINV0004AT0003
      • Summary tab: BUCINV0004IP0001
      • Filter action: BUCINV0004IP0002
      • Supply and Demand charts: BUCINV0004IP0003
      • Node tab: BUCINV0004IP0004
      • Inventory audit tab: BUCINV0004IP0005
    • Adjust safety stock page: BUCINV0005
      • Save action: BUCINV0005AT0001
    • Set fulfillment options page: BUCINV0006
      • Save action: BUCINV0006AT0001
    • Transfer inventory page: BUCINV0007
      • Transfer action: BUCINV0007AT0001
    • Inventory alerts page: BUCINV0008
      • Dismiss action: BUCINV0008AT0001
      • Adjust safety stock action: BUCINV0008AT0002
      • Set fulfillment options action: BUCINV0008AT0003
      • Transfer inventory action: BUCINV0008AT0004
      • Edit triggering threshold action: BUCINV0008AT0005

ResourceID reference list for Settings menu

  • Alert thresholds page: BUCSET0003
    • Create action: BUCSET0003AT0001
    • Edit action: BUCSET0003AT0002
    • Delete action: BUCSET0003AT0003
    • Duplicate action: BUCSET0003AT0004
  • Distribution group page: BUCSET0004
    • Create action: BUCSET0004AT0001
    • Edit action: BUCSET0004AT0002
    • Delete action: BUCSET0004AT0003
    • Duplicate action: BUCSET0004AT0004
  • Customization page: BUCSET0009
    • Save action: BUCSET0009AT0001