18.13.3. Segregation of users

The Adminapp can be configured such that different administrator users manage different sets of users. How sets of users are specified depends on the capabilities of the underlying User Persister plugin.

The segregation of users is configured as follows:

  • Where: Adminapp >> Users >> Group Advanced Settings >> Property Admin Role Specific Settings
  • How: 
    • The list of "admin-role specific settings" allows for defining a separate user data source depending on the administrator's roles: Based on the role of an administrator, the configured properties are used whenever an administrator interacts with users
    • It is, for example, possible to configure the user persister configuration.

Example:

The following configuration excerpt illustrates the implementation of user segregation.

  • All users are stored in a database table “medusa_user” and each row contains a field bizzunit specifying whether a user belongs to the business unit Europe or Americas.
  • The configuration defines the administrator role useradmin, useradminAM, and the useradminEU and maps the latter two to the corresponding user persister settings.
  • The configuration of the Database User Persister plugin then assures that administrator with role useradminAM can only manage users of business unit Americas whereas administrators with role useradminEU can only manage users of business unit Europe.
  • Administrators with role “useradmin” can manage all users (even users that have another or no business unit).
30808623.png

Additionally it is configured, that the attributes that are displayed in the user list page are different for the two user sets.

30808622.png

The configuration for American users is different (email and birthdate instead of surname and country).

30808671.png

Using User Group Settings, you may now define what user attributes to display per user group. It is configured here: Adminapp >> Users >> Group Settings.