Developer forum

Forum » Feature requests » Saved Cards scope configuration

Saved Cards scope configuration

E-mail notifications
Nuno Aguiar
Reply
Posted on 15/03/2017 12:07:57

Hi,

 

To accomodate more complex B2B scenarios, would be great if we could determine how the Saved Cards are retrieved

  1. Saved and available to the Primary User

  2. Saved and available to the Secondary User

  3. Saved and available if both the Primary User and Secondary User matches (limited scope)

  4. Saved and available if either the Primary User or Secondary User matches (largest scope)

 

This accomodates scenarios where we use impersonation for B2B projects and a login user impersonates a company (not a real user). At this point we can determine if the saved cards come from:

  • Config 1: The impersonated account (primary user)
    • Means all users that impersonate this account can access the credit cards
  • Config 2: The login account (secondary user - defaults to primary user if no secondary user is set)
    • Means the login user (actual person) can use their personal credit cards, no matter what account their are impersonating
  • Config 3: The login user will have a different set of credit cards between the accounts he can impersonate
    • Means for Company A, he sees cards 1 and 2, and for Company B he only sees card 3
  • Config 4: The login user access his personal cards + the company's cards
    • Means the user has a broader choice of cards, so he can pay with one of his personal cards OR one of the company's card

 

Hope this makes sense.

 

Best Regards,

Nuno Aguiar


Replies

 
Nicolai Pedersen
Posted on 15/03/2017 14:14:45
Reply

I think this is out of scope for default system feature. So you have to do this custom...

BR Nicolai

 
Nuno Aguiar
Posted on 15/03/2017 16:27:45
Reply

Hi Nicolai,

 

Ok. We saw the need for this in 2 projects in a short amount of time. I will see if we can develop something reusable on our end.

 

Best Regards,

Nuno Aguiar

 
Scott Forsyth Dynamicweb Employee
Scott Forsyth
Posted on 16/03/2017 04:17:11
Reply

I'll explain a bit more.

We leverage impersonation to support multiple logins to manage a single company (and also logins to be able to manage multiple companies). So we have a structure like this:

User 1 and User 2 can both manage Company ABC

When impersonation is used, a saved credit card is saved for Company ABC. So, if User 1 saves their card, then it's available for User 1 and User 2 to both see. Our customers wants the card to only be seen by the person who created it. So, that means that saved cards should only be seen if BOTH the primary and secondary users match.

What would be the best way to limit the scope for a match of both primary and secondary user? (the other choices could be possibilities, but this particular situation just needs to check for the BOTH situation)

Thanks,

Scott

 
Nicolai Pedersen
Posted on 16/03/2017 09:04:28
Reply

Hi Scott

That I can better understand - it might even be considered a bug since a credit card is personal, and giving the possibility of others to use that card could be against terms and maybe even law.

So if a user is impersonated, the credit cards shown should be those of the impersonater and not the ones of the user being impersonated. I guess this should be default behavior and not even overridable?

BR Nicolai

 
Scott Forsyth Dynamicweb Employee
Scott Forsyth
Posted on 16/03/2017 14:28:51
Reply

Hi Nicolai,

To take it further, since users have the ability to impersonate multiple companies, they may not want their saved credit card to show up when they manage a different company. They may have used a corporate card on one company and they don't want to see the same card for another company. So, the safest default should really be that if they are impersonating a user that credit cards should be shown if both the impersonator and impersonee match.

For that reason, I wonder if the flexibility would be useful since people use impersonation in different ways. In the way that we use it, some companies may want to show credit cards for all users of a company, while others would want to the user to be able to see their credit cards, no matter which company they are managing, and others would want to only see their credit cards for each company.

If there is one default setting, I believe that it should be the both-have-to-match option.

Scott

 

 
Merethe Vrå Andersen Dynamicweb Employee
Merethe Vrå Andersen
Posted on 17/03/2017 09:12:59
Reply

Hi Scott and Nuno,

Nicolai involved me in this. I just need to be clear before creating a backlog for this.

I have a setup in this video with mva and mni. 

MVA has a saved visa card
MNI has a saved mastercard
MNI is able to impersonate MVA
As it is now, MNI can't see/use the visa saved for MVA, and I guess that's legally correct.

https://www.screencast.com/t/oNy60vzUmJTz

What you want is, that MVA and MNI has a matching credit card, then it's available at both accounts? Right?
But why do you need a "both have to match" checkbox for that? If MNI had the same visa card as MVA then it was already available in the list of saved cards for MNI.

In this scenerio MNI is impersonating MVA, buys a product and saves a new card (American express). 

This new card is saved for MNI and is not available when MVA is logged in as himself:

https://www.screencast.com/t/LmDLGa3ih6h

What am I missing here?

Kind regards,
Merethe

 
Nuno Aguiar
Posted on 17/03/2017 11:45:17
Reply

Hi Merethe,

 

What you show works fine. I see that as the "default action" (Scott might see it differently). Let me try to rewrite what I wrote initially.

  • Let's consider users "Merethe", "Nuno", "Dynamicweb North America"
  • Both "Merethe" and "Nuno" can impersonate "Dynamicweb North America"
  • There are these cards in the database
    • "Merethe" has "Personal Visa"
    • "Nuno" has "Personal Mastercard"
    • "Dynamicweb North America" has "Company American Express"
    • "Dynamicweb North America" has "Merethe's company Visa" created when "Merethe" was impersonating "Dynamicweb North America"
    • "Dynamicweb North America" has "Nuno's company Mastercard" created when "Nuno" was impersonating "Dynamicweb North America"

 

The concept is that different projects require different setups, as we start to see with customers.

 

Scenario 1
Cards are associated to the impersonated user or the login user (if not impersonating)
(This is what Dynamicweb has currently)

  • "Merethe" sees "Personal Visa"
  • "Nuno" sees "Personal Mastercard"
  • "Merethe" when impersonating "Dynamicweb North America" sees "Company American Express", "Merethe's company Visa" and "Nuno's company Mastercard"
  • "Nuno" when impersonating "Dynamicweb North America" sees "Company American Express", "Merethe's company Visa" and "Nuno's company Mastercard"

 

Scenario 2
Cards are associated to the impersonated user, but only when they were created by the person impersonating the company

  • "Merethe" sees "Personal Visa"
  • "Nuno" sees "Personal Mastercard"
  • "Merethe" when impersonating "Dynamicweb North America" sees "Company American Express" and "Merethe's company Visa"
  • "Nuno" when impersonating "Dynamicweb North America" sees "Company American Express" and "Nuno's company Mastercard"

 

Scenario 3
Cards are associated to the user + the impersonated user's cards
Most common when users are responsible for their own purchases, but need to buy while impersonating one or multiple companies

  • "Merethe" sees "Personal Visa"
  • "Nuno" sees "Personal Mastercard"
  • "Merethe" when impersonating "Dynamicweb North America" sees "Personal Visa" and "Company American Express", "Merethe's company Visa" and "Nuno's company Mastercard"
  • "Nuno" when impersonating "Dynamicweb North America" sees "Personal Mastercard" and "Company American Express", "Merethe's company Visa" and "Nuno's company Mastercard"

 

Scenario 4
Cards are associated to the user
Most common when users are responsible for their own purchases, but need to buy while impersonating one or multiple companies

  • "Merethe" sees "Personal Visa"
  • "Nuno" sees "Personal Mastercard"
  • "Merethe" when impersonating "Dynamicweb North America" sees "Personal Visa"
  • "Nuno" when impersonating "Dynamicweb North America" sees "Personal Mastercard"

 

 

Let me know if this helps explain.

 

Best Regards,

Nuno Aguiar

 
Nuno Aguiar
Posted on 17/03/2017 12:21:08
Reply

Hi Merethe,

I edited my previous reply since I noticed a few typos and flaws. Please check it online (don't rely on the email notification)