Restricted access to HAC (Hybris Admin Console) functions

Admin user group can access Hybris Admin Console (HAC), but few only knows that any employee can be given a restrictive access to HAC functions. This blog will cover How to apply restricted access to HAC (Hybris Admin Console) functions?

Many a time we end up only allowing admin user to HAC system, but what if I want one of my user (or user group) to provide some administrative access like running only flexible query or say just take access to enable/disable class level logging etc.

Following few steps can help you achieve restrictive access to

  • Initialization button in Hybris admin console
  • Flexible query panner
  • ImpEx pannel
  • Monitoring
  • etc…

Next time someone asks for HAC access, then you don’t need to worry if they can hit the initialized button or can use something which they are not authorized too.

Configure Restricted access to HAC functions

Easy-Peasy…. Hybris provides you some out-of-the-box (I like that term :P) user groups which you can assign to specific users or user group (non-admin) to allow them access only certain functions on hac.

Assign OOB HAC Related User Group

Restricted access to HAC (Hybris Admin Console) functions

List of OOB HAC access groups

There is a list for every single action available in hybris admin console which you can allow/restrict for a user using following OOB user groups.

hac_platform_tenantshac_monitoring_cache
hac_platform_configurationhac_monitoring_cache_limited
hac_platform_configuration_limitedhac_monitoring_cluster
hac_platform_systemhac_monitoring_database
hac_platform_logginghac_monitoring_database_limited
hac_platform_logging_limitedhac_monitoring_cronjobs
hac_platform_extensionshac_monitoring_cronjobs_limited
hac_platform_initializationhac_monitoring_jmx
hac_platform_updatehac_monitoring_jmx_limited
hac_platform_sqlscriptshac_monitoring_memory
hac_platform_licensehac_monitoring_memory_limited
hac_platform_supporthac_monitoring_threaddump
hac_platform_pkanalyzerhac_monitoring_performance
hac_platform_classpathanalyzerhac_monitoring_transactiontracking
hac_maintenance_cleanuphac_console_scriptinglanguages
hac_maintenance_cleanup_limitedhac_console_flexiblesearch
hac_maintenance_encryptionkeyshac_console_impeximport
hac_maintenance_encryptionkeys_limitedhac_console_impexexport
hac_maintenance_deploymenthac_console_ldap
hac_monitoring_suspendresume

So next time if anyone ask you for a restricted access to HAC (Hybris Admin Console) functions… Share this post. Give it a like if it helps you! ­čÖé

Old Posts

3970cookie-checkRestricted access to HAC (Hybris Admin Console) functions

4 thoughts on “Restricted access to HAC (Hybris Admin Console) functions

  • Where do you set those User Groups, in HMC?
    What if the OOB roles are not configured on my machine? Do you know specific Access Groups that are needed to disable the HAC access?

    • Dear Jason – Please find the answers for your queries :

      1. These are the user groups hybris creates by default during system setup which one can use to control HAC functions access. These groups are part of the essential data created for platform. Hence you will always find these OOB roles/groups created into the system unless you try to override it.
      Refer impex files present under /platform/ext/hac/resources/impex/

      2. To stop a complete access of HAC to certain users, you can simply keep them out of the admingroup.

      3. You will find all these groups available under usergroups section only. I have added a screenshot of backoffice showing these groups available (as HMC is already deprecated and removed from hybris)

      Hope it helps!

  • Hi, this is good. However, it seems that is not possible to execute impex for users with hac_console_impeximport. An error related with session.catalogVersions is thrown.

    • Hi Marco, let me check for it. But I don’t think that it is related to restrictions mentioned in this blog. This probably is because when you go to admin console, it doesn’t have catalog version available in session. You must define a catalogue variable in your impex and use it in. Hope it helps. If not, please share a sample of impex you are trying to run ­čÖé

Leave a Reply

Your email address will not be published.