Administrator Role

The Administrator role can't be deleted directly, or indirectly by import. This role has the following properties:

Administrator access for all system modules is ensured via the following mechanisms:

Unified Authentication

When you migrate a local Business Manager profile with an Account Manager profile, interactions occur if the two profiles don't both have the administrator role. If the Account Manager profile has the administrator role but the Business Manager profile doesn't, the user is assigned the administrator role. This assignment happens upon the user’s first login to that instance after migration. If the Business Manager profile has the administrator role but the Account Manager profile doesn't, the administrator role is removed upon first login.

When using unified authentication, the administrator role can't be assigned via import.

Retrieving Passwords

The best practice is for all customers and partners to have one administrator who is responsible for the passwords of all their instances. This administrator is usually the default admin user account included with every new instance. The admin user can create more named accounts that also have administrator permissions.

Developers use their own accounts to access instances and don't change or reset the global administrator password. If a dbinit is run on a sandbox, the administrator is responsible for changing the passwords for the sandbox back to the original passwords after the dbinit. See Using Dbinit.

Security Settings enable the administrator to configure how Business Manager passwords behave. An administrator can retrieve or reset a password if it's forgotten using the Forgot Password feature.

Note: Commerce Cloud Support only resets the main administrator password for the admin account. All other accounts with administrative access must be reset by a user logged in as the admin user.

Import/Export

The import logic rejects deletion attempts for the administrator role (for example, via DELETE mode import). The import logic also rejects any modification of system module access privileges (for example, via REPLACE mode import). Both cases are logged as warning in the import log.

Related Links

Creating Roles