00:00:05:16 - 00:00:06:17
Now a lot of this
00:00:06:17 - 00:00:10:05
presentation is going to be presentation
slide deck based.
00:00:10:05 - 00:00:13:05
Unfortunately
just because I've got a lot of different
00:00:13:15 - 00:00:17:03
hopefully quite visual representations
of how the different things work,
00:00:17:03 - 00:00:20:11
I've tried to build this in a way
where it really simplifies
00:00:20:11 - 00:00:23:11
and clarifies
what these different scenarios do.
00:00:23:16 - 00:00:27:28
I will try and jump into the software
as much as I can for context,
00:00:27:29 - 00:00:30:29
but we'll see how we get on.
00:00:32:13 - 00:00:34:02
Okay, so
00:00:34:02 - 00:00:37:06
what we're considering,
first of all, is when we're building
00:00:37:09 - 00:00:40:19
or when we're utilizing access
permissions, we're defining
00:00:40:19 - 00:00:43:28
a connection
between a customer and a product.
00:00:44:15 - 00:00:46:20
So a customer logs into the site.
00:00:46:20 - 00:00:48:24
We are defining with access permissions
00:00:48:24 - 00:00:52:03
whether this customer
can see this specific product.
00:00:52:24 - 00:00:55:24
And we're going to call that a connection
between the two.
00:00:55:26 - 00:00:58:24
Now you won't see the word connection
within figure itself.
00:00:58:24 - 00:01:00:19
That's just what I'm using.
00:01:00:19 - 00:01:04:25
It's my term just for clarifying
different areas of this presentation.
00:01:04:25 - 00:01:05:24
Just so that you're aware.
00:01:08:03 - 00:01:10:03
So as we
00:01:10:03 - 00:01:14:01
mentioned from the previous slide,
every customer and product combination
00:01:14:06 - 00:01:18:00
will initially have some form
of default access specified.
00:01:18:10 - 00:01:21:16
So that's either denied or granted.
00:01:22:00 - 00:01:25:00
And that's on a global basis.
00:01:25:11 - 00:01:28:03
During the course of the access
permissions functionality
00:01:28:03 - 00:01:30:21
we create a set of rules.
00:01:30:21 - 00:01:34:04
And these rules establish connections
between the products
00:01:34:04 - 00:01:38:14
and the customer along with determining
how that connection acts.
00:01:38:14 - 00:01:41:14
So whether the connection is granted
or denied access.
00:01:43:22 - 00:01:44:24
What we should consider
00:01:44:24 - 00:01:48:07
as a starting point here is that each
customer and product combination
00:01:48:07 - 00:01:52:03
can only have one connection,
so you can only grant or deny access.
00:01:52:05 - 00:01:54:12
You can't do multiple things.
00:01:54:12 - 00:01:58:10
However, these connections can be
addressed by multiple different rules.
00:01:59:07 - 00:02:03:12
So for example, let's say we've got this,
00:02:04:09 - 00:02:08:00
product detailed as a product on its own.
00:02:08:01 - 00:02:09:22
That might be one rule.
00:02:09:22 - 00:02:13:09
Or we've got a product detailed
as part of a category
00:02:13:09 - 00:02:15:04
which might be done in another row.
00:02:15:04 - 00:02:20:24
Both of them could address the product,
but only one of them can have some kind of
00:02:20:24 - 00:02:25:18
overriding, capability on that connection
and, granted, deny access.
00:02:25:28 - 00:02:28:29
And we'll cover how that works
during the course of the presentation.
00:02:33:03 - 00:02:36:03
So first of all, what are rules?
00:02:36:04 - 00:02:39:04
And I will show you how to make one of
these a little bit later on as well.
00:02:39:24 - 00:02:44:29
So a rule is a connection
between a product and a customer,
00:02:45:04 - 00:02:49:22
which grants or denies access between
that connection of product and customer.
00:02:50:25 - 00:02:52:28
The rules are formed using
00:02:52:28 - 00:02:55:28
what we call scopes and targets,
00:02:56:20 - 00:03:00:00
and these allow for the specification
of more
00:03:00:00 - 00:03:03:20
than just one singular customer
to one singular product within a rule.
00:03:04:12 - 00:03:07:16
So, for example, a scope identifies
00:03:07:16 - 00:03:11:16
either a single customer
or a set of customers to be considered
00:03:11:16 - 00:03:16:00
for access,
and that scope could be a category.
00:03:16:03 - 00:03:18:00
No, sorry, a department.
00:03:18:00 - 00:03:21:00
It could be people accessing
from a certain country.
00:03:21:17 - 00:03:24:17
It could be people with certain
customer roles assigned to them.
00:03:24:23 - 00:03:28:03
All of those could be a scope
which could contain one customer.
00:03:28:09 - 00:03:30:19
It could contain 100
customers. It doesn't matter.
00:03:32:15 - 00:03:33:24
And then we have a target.
00:03:33:24 - 00:03:36:08
And that's kind of the equivalent
for a product.
00:03:36:08 - 00:03:40:09
So identifies either an individual product
or a group of products
00:03:40:09 - 00:03:43:09
or a set of products
to be considered for access.
00:03:43:15 - 00:03:46:15
And that target can be
00:03:47:06 - 00:03:49:10
a category A product group.
00:03:49:10 - 00:03:50:24
It could be a product tag.
00:03:50:24 - 00:03:53:24
There's numerous different ways
we can specify it.
00:03:53:24 - 00:03:57:04
And once we've got a scope and a target,
we can combine that into a rule.
00:04:00:09 - 00:04:03:16
And then that rule basically, as we'll
see, will give us access to either
00:04:03:16 - 00:04:06:16
grant or deny access
between that particular
00:04:06:25 - 00:04:09:25
product and customer.
00:04:15:21 - 00:04:19:15
So when a customer logs into their account
and accesses the storefront,
00:04:19:24 - 00:04:22:18
each of those rules
that we have associated with
00:04:22:18 - 00:04:25:22
the storefront
is evaluated to see if it relates
00:04:25:22 - 00:04:29:18
to that particular connection,
so that particular customer and product,
00:04:31:11 - 00:04:32:03
if a rule
00:04:32:03 - 00:04:35:03
passes evaluation so it is applicable,
00:04:35:05 - 00:04:38:10
then it proceeds to a granted
or denied stage.
00:04:38:10 - 00:04:42:11
So an access stage and the rule
will specify whether that grants access
00:04:42:19 - 00:04:45:19
or denies access
to that particular connection.
00:04:49:18 - 00:04:53:03
Now, I mentioned earlier on that
there are scenarios where you would have
00:04:53:03 - 00:04:57:05
or could have multiple rules
associated with the same connection,
00:04:58:11 - 00:05:00:21
and we need a way to differentiate
which of those
00:05:00:21 - 00:05:03:21
is going to be prioritized,
which of those is most important.
00:05:04:00 - 00:05:07:00
And we do this with
something called weightings.
00:05:08:26 - 00:05:11:06
So as we mentioned a connected customer
00:05:11:06 - 00:05:14:06
and product
can be addressed in multiple rules.
00:05:14:07 - 00:05:17:07
And then the weighting
is used to establish that priority.
00:05:17:16 - 00:05:18:23
How this generally works.
00:05:18:23 - 00:05:21:18
And again I'll show you
how to make one of these later on.
00:05:21:18 - 00:05:24:21
Rules
with the highest weighting are evaluated
00:05:24:21 - 00:05:27:21
first rules with a lower weighting.
00:05:28:19 - 00:05:29:16
Even though they might be
00:05:29:16 - 00:05:32:24
valid rules,
they will be ignored if the connection
00:05:32:24 - 00:05:35:25
has already been addressed
by a higher weighted rule.
00:05:38:07 - 00:05:40:10
So hopefully we can see
in the graphic here
00:05:40:10 - 00:05:43:06
we've got two rules
associated with the connection.
00:05:43:06 - 00:05:45:04
The lower weighted
rule has been superseded.
00:05:45:04 - 00:05:46:14
It's been ignored.
00:05:46:14 - 00:05:49:23
And the higher weighted rule
was then proceeded to the access or
00:05:50:13 - 00:05:53:13
or grant or deny access stage.
00:05:56:01 - 00:05:56:27
But then what happens
00:05:56:27 - 00:06:01:00
if we have rules with even weighting,
which again is a very valid scenario.
00:06:01:22 - 00:06:05:17
So if we have evaluated rules
with an equal highest weighting.
00:06:05:17 - 00:06:08:17
So we can see here, for example,
that both of these rules
00:06:08:18 - 00:06:11:18
associated with that connection
have a weighting of ten.
00:06:12:01 - 00:06:14:15
Then all must permit the same access,
00:06:14:15 - 00:06:17:15
you know, in order to grant
or deny access.
00:06:17:21 - 00:06:20:23
So here, for example,
both of these access granted must
00:06:21:11 - 00:06:24:03
grant it in order for the customer
to be able to see the product.
00:06:25:09 - 00:06:27:00
Alternatively, if one of
00:06:27:00 - 00:06:32:04
those rules gives a granted access
and one of them gives a denied access,
00:06:32:21 - 00:06:35:06
that will result in a denied,
00:06:35:06 - 00:06:38:06
access denied evaluation.
00:06:39:01 - 00:06:42:04
So we just need both of them
to be the same result.
00:06:46:28 - 00:06:48:04
So let's take a bit of a look
00:06:48:04 - 00:06:51:04
at that in action before we carry on.
00:06:51:24 - 00:06:55:09
So going into the actual
in figure storefront itself.
00:06:55:09 - 00:06:57:19
So the back end of your storefront,
00:06:57:19 - 00:07:01:11
what I'm going to navigate to is
if I type in access permissions again,
00:07:02:03 - 00:07:04:23
once you have V2 activated,
00:07:04:23 - 00:07:07:17
because you will get slightly
different options in the menu.
00:07:07:17 - 00:07:10:17
If you've got V1 or V2 activated, bear
that in mind.
00:07:11:04 - 00:07:13:19
With V2 activated,
you'll have set up access
00:07:13:19 - 00:07:16:19
permissions.
00:07:17:13 - 00:07:18:02
This gives you
00:07:18:02 - 00:07:21:02
a few different tabs,
most of which we'll be covering today.
00:07:21:17 - 00:07:24:16
What we're focusing on
first of all is scopes
00:07:24:16 - 00:07:28:08
targets
and then access permissions and rules.
00:07:30:23 - 00:07:33:05
And it's just a case of
00:07:33:05 - 00:07:36:08
combining things into scopes,
combining things into targets,
00:07:36:16 - 00:07:40:00
and then combining those scopes
and targets together to form the rules.
00:07:40:23 - 00:07:42:20
And it's really easy to do so.
00:07:42:20 - 00:07:46:25
This store front has been pre-configured
with a few sample products and sample
00:07:46:28 - 00:07:51:17
customers just to aid this process,
but I'm going to build a scope.
00:07:51:17 - 00:07:53:04
First of all.
00:07:53:04 - 00:07:56:04
So if I go and add new scope.
00:07:59:12 - 00:08:03:00
We then specify what
we want to be included within that scope.
00:08:03:11 - 00:08:04:06
And you can see here
00:08:04:06 - 00:08:07:06
the sort of range of things
that I've got the ability to choose from.
00:08:08:05 - 00:08:10:24
So in our case,
I might go with something really simple
00:08:10:24 - 00:08:14:08
where it could either be all customers
or it could be one specific customer,
00:08:14:25 - 00:08:18:03
but it could be a department or role,
and that might group
00:08:18:03 - 00:08:19:08
a bunch of customers together.
00:08:21:00 - 00:08:22:01
In our example, I'll
00:08:22:01 - 00:08:25:01
just pick one individual user.
00:08:27:25 - 00:08:30:04
And then click Save
00:08:30:04 - 00:08:33:03
so that scopes now
being created in this case
00:08:33:03 - 00:08:36:03
just counting for one user.
00:08:37:19 - 00:08:39:23
Next I'll go across the targets.
00:08:39:23 - 00:08:42:17
Same process again. So add new target.
00:08:42:17 - 00:08:46:15
And this is looking for the products
that you want to group together.
00:08:47:14 - 00:08:51:26
So again this could be either
an individual product a group a category
00:08:51:26 - 00:08:53:00
A tag.
00:08:53:00 - 00:08:56:00
However it is that you want to
categorize them together.
00:08:56:21 - 00:09:00:20
I will again just go for a very simple
simple example here.
00:09:00:26 - 00:09:03:26
So just a single product.
00:09:07:03 - 00:09:10:03
And then again quick save.
00:09:11:07 - 00:09:14:17
And then so we can create multiple scopes
multiple targets.
00:09:14:17 - 00:09:17:29
And then we need to show or create rules
for how these are going
00:09:17:29 - 00:09:19:00
to be combined together.
00:09:20:00 - 00:09:23:00
So if I go to the access permissions tab
00:09:23:15 - 00:09:25:09
go to the rules tab.
00:09:25:09 - 00:09:27:21
And then I can start
constructing rules in here.
00:09:27:21 - 00:09:30:07
So I'll go to add new record.
00:09:30:07 - 00:09:32:24
Then it's just a case
of selecting the scope that we want.
00:09:32:24 - 00:09:35:10
So in this case we only have one.
00:09:35:10 - 00:09:37:29
Selecting the target
00:09:37:29 - 00:09:40:27
specifying a weighting
if it's relevant to our scenario.
00:09:40:27 - 00:09:43:27
But we'll cover that more later on.
00:09:43:27 - 00:09:48:01
And then specifying whether or not
this rule grants or denies access.
00:09:48:11 - 00:09:52:08
So a checkbox will mean it grants
and that's a unchecked
00:09:52:08 - 00:09:55:08
box will mean it denies access
00:09:55:09 - 00:09:57:08
and then insert.
00:09:57:08 - 00:09:57:23
And that's it.
00:09:57:23 - 00:09:58:29
That's the rule created.
00:09:58:29 - 00:10:00:27
And the rule will now be enacted.
00:10:00:27 - 00:10:03:27
If you've got access permissions enabled.
00:10:04:28 - 00:10:08:07
Now do note that when you are
playing around with creating rules
00:10:08:07 - 00:10:12:11
and changing things in here,
it will need to update things within the.
00:10:12:11 - 00:10:13:09
If you go back end.
00:10:13:09 - 00:10:17:05
We're using these background tasks
and it will give you a notification
00:10:17:13 - 00:10:20:07
when there's outstanding tasks
and when they've been completed.
