App access for OrderCloud with Sitecore Cloud Portal

This guide explains OrderCloud access management through Sitecore Cloud Portal organization and app access controls.

Organization access levels

Organization-level access determines overall system permissions:

Owner/Admin privileges:

• Full access to all Sitecore apps
• FullAccess data permissions
• Complete impersonation rights
• User management capabilities:
  • Team member invitations
  • Access level configuration
  • User access modification
  • Account deletion

App access roles

Each OrderCloud marketplace (app) supports these access roles:

Custom group configuration

Access control capabilities

OrderCloud enables granular access control through custom role groups:

• Flexible permission configuration
• Precise data access control
• Role-based authorization

Configuration requirements:

• Owner/Admin organization access required
• Up to 4 custom role groups available
• Customizable admin role settings

Permission components

Each custom role group includes:

1. Data access levels
2. Impersonation permissions
3. API role assignments

Access inheritance

Role permissions affect:

• Personal API console access
• Impersonation capabilities
• Data visibility restrictions

Note: Available roles during impersonation represent the intersection of:

• Impersonated user's roles
• Impersonating user's permissions

Access assignment process

User invitation workflow

Organization administrators can assign roles during team member invitations:

Implementation recommendations

Before user invitations:

1. Define app access configurations
2. Configure role permissions
3. Establish access hierarchies
4. Document permission structures

This preparation ensures proper access assignment during onboarding.

Related reading

• Product synchronization & Sitecore Search
• Why you should never use FullAccess