Released 26 June 2025
User Import - Fix: Exception on missing scoped access in role (RTC-51112)
The import process handles missing profile or team scoped access in role without error. When scoped role's access level is null or missing from import, the system treats them as empty and continues processing. Users are imported without failure.
Released 23 June 2025
Set 'Manage member offers' permission (RTC-50279)
Existing user roles with 'Create promotion and manage draft promotions' permission are given a 'Manage member offers' permission.
Fix: UserMerger DbUpdateException Merge failed (RTC-50747)
The import process handles conflicts caused by role or access mismatches more properly. When a user without access to Team 1 is updated with a new role in that team, and another user with full access to Team 1 is imported in the same batch, this can lead to permission conflicts. Problematic users are now only partially updated, and the import continues for the rest of the users without failure. Users with valid data in the same contract are imported correctly.
Swagger documentation - Draft contract for users (RTC-50581)
A new draft contract has been created for SCIM/users in Shell. It is a separate document that includes all endpoints (GET, POST,PUT, PATCH, DELETE) and follows the URI conventions for SCIM.
Released 11 June 2025
User profiles - Item area limited access to manage items (RTC-43952)
The Item Areas section is added to the user details. By default, a user has no limited area access, so this section remains hidden. At the bottom of the user details page, there’s a Manage Item Areas button that opens a new view with two separate sections: a list of item areas and Your Selection, where the selected areas are displayed by department.
A user can remove an item area by clicking on the ‘x’ icon. The list of item areas is shown in a table with a checkbox column, item area number, item area name, and department. Users can filter the columns and click on the Select/Unselect All button to perform actions on areas that match the defined criteria.
Removing all item areas from a user effectively restores access to all areas.
The user endpoint is extended with 'Preferred content language' (RTC-41474)
The user endpoint has been extended with 'PreferredContentLanguage'. when a GET request is sent with a specified username, the response now also includes the preferred content language set for that user.
Fix: Null reference in Invite job (RTC-50542)
There is no exception in InviteFromAzureADToAzureAD job when user with multiple source directories is deleted from one of them.
Fix: Users can't see “All Stores” in role dropdown (RTC-50593)
When assigning a role to user with access to 'All stores', the “All Stores” option is displayed in the dropdown menu. Conversely, users without 'All Stores' access can only view specific store groups in their user details and store roles can be added only on the store groups limited by their access.
Export of user roles (RTC-47331)
When user role is added, it's name is changed or is deactivated, it is exported to 3rd party in new contract UserManagement.Role.Export.
Additionally there have been added three new tables in Identity Service Database to track Export History.
Split environment and tenant JWT authorization policies (RTC-8195)
Shell API now enforces separate JWT authorization policies for environment and tenant endpoints. These endpoints require different certificates to be accessed. Tenant endpoints will only accept tenant-specific tokens, while environment endpoints will only accept environment-specific tokens. If a request is made with the wrong type of token, the server will respond with a '403 Forbidden' error.
The Swagger documentation has also been updated and is now split into two sections: ShellApi and Environment. Each section contains the relevant request documentation accordingly for Cashiers, User Notifications, Users, Users with PIN and Applications, Configuration.
Shell authorization - Fix: Environment policy (RTC-50677)
Environment endpoints require environment specific token. Accessing all of the Chain Web modules is possible, from main page as well as directly from URI. Tenant endpoints work without any changes and will accept only tenant-specific tokens.
Released 21st of May 2025
Invite job - Fix: Synchronize link between customers and EG Entra ID (RTC-47947)
After invited to EG directory user is deleted from customer Entra ID, they can be recreated and will be correctly linked to the one in EG AD. The user can log into EG application.
Deprecated FluentValidation.AspNetCore package removed (RTC-49617)
The FluentValidation.AspNetCore package was removed from Shell. Swagger works correctly and displays the information as before, without any changes.
Released 12th of May 2025
Content language for users (RTC-43377)
A new field "Preferred content language" has been added on users as a dropdown field (it is required). By default, the language value in the dropdown is set based on the value from the system parameters. The preferred content language can be changed when creating or inviting a new user through the user interface, and it can also be modified for an existing user.
If a user is created via import or the invite job, the preferred language will also be taken from the system parameters and can later be updated through the user interface using the dropdown.
Users from Entra ID - Fix: First and last names are swapped (RTC-49783)
When a user signs in, their data such as email, first name, last name etc. is not updated and stays just as it was set during account creation.
User access - Limit access to manage items - API & Database (RTC-48491)
The database has been extended with a new table for hierarchy access for user.
Additionally, when sending an API request, hierarchy access for the user is now returned. With this request, it's possible to add or remove a single area for a user, retrieve the list of all areas assigned to a user, and also add or remove a list of areas.
Released 16th of April 2025
Tenant switching (RTC-46888)
Users with access to more than one tenant, can see them as a list in a dropdown menu next to their user name. List consists of all tenants they have access to excluding currently selected tenant. After switching to tenant, user is redirected to main page of module.
Swagger documentation - Export of user roles (RTC-47941)
The new contract "UserManagement.Role.Export" with role code, role type and role status has been added. Scheme for export of user roles is visible in Swagger User Management.
Invite job - Fix: UserIdentity is double tracked (RTC-47746)
When there are users invited from two sources with the same email, InviteFromAzureADToAzureAD job correctly identifies these as the same user and processes them without warnings or errors. When updating user identity fields, system uses a defined hierarchy of sources. If a user is a member in one of the source AAD tenants, that source takes priority, and its identity values are applied to the destination AAD user. However, if the user has the same type in both source AADs (e.g. both are guests or both are members), then the system uses the Object IDs in alphanumerical order to decide which source to use.
Released 12th of March 2025
Login of users (RTC-48180)
Users can sign in when their source Azure AD account has a different mail than the AD from where EG invites the user.
Store permissions - New scoped permissions for managing users (RTC-44599)
New permissions, "Manage users" and "View users", have been added to allow store managers to manage only the employees of the stores they have access to, without affecting employees from other stores/profiles.
Managers with "View users" permissions can only view users within their scoped access, while managers with "Manage users" permissions can both view and manage users within their scoped access. If a manager has access to a specific profile, and an employee is in both that profile and another store (outside of this profile), the manager will not be able to view and manage that employee.
Old permissions (`ViewUsers`, CreateNewUser, CreateNewUserWithPin, EditExistingUsers) are removed.
Released 19th of February 2025
Invite user (RTC-9315)
A user can be invited in User management, and they will be automatically added to Azure AD. The invited user will have 'Guest' status in Azure AD. A radio button has been added with two options: "Create new user" and "Invite external user".
If the "Invite external user" option is selected and the required fields are filled in, the user will be invited to both User management and Azure AD. It is not possible to invite a user who already exists in the database, an error will be displayed. When editing, activating, deactivating an invited user, all changes will also be updated in Azure AD.
If a massage and an email are provided in the Cc recipient field, an invitation massage will be sent to the specified user. When a user who exists only in Azure AD and not in the database, the user is invited and will be created normally in User Management. If such user is disabled in Azure AD, their account will be activated.
Create user (RTC-47255)
When creating or changing a password for a new user, Unicode characters are not allowed, and an error massage is displayed.
Released 12th of February 2025
Fix: Duplicated users and allow log in (RTC-45774)
Users with duplicated UPNs (email + source domain + destination domain) created by the Invite Job will now be deleted from both Azure and the Identity Database and correct users will be connected to source user. In situation, that there are no duplicated users, but users with incorrect UPNs (email + source domain + destination domain), they will be updated to have correct email address and to be connected with source user.
Extend user contract with status (RTC-46939)
Contract to import users is extended with status field. It can be 'Active' or 'Inactive'. Uploading file with status changes status of user accordingly to value of that field. By default status is 'Active', so when field is not in the file, it will be treated as if status was 'Active' . User export also contains status.
Entra ID permissions (RTC-26349)
Chain Web Shell will now require new (much narrower) permissions from our customers, which improves security both for us and our customers.
Depending on the configuration of our customer's Microsoft Entra ID, admins may need to provide consent for these new permissions.
Released 4th of February 2025
Create users as members in EG Entra ID (RTC-44592)
User created in User Management by filling form after clicking on button 'New user' in user grid is also created in tenant Entra ID and can sign in to Cloud. Form to create user requires username, display name, region, language and store access of user, other fields are optional. First Name and Last Name are set accordingly as first and last word of given name but can be set manually. When display name is a one word, it is considered as Last Name. Username cannot have domain, as it will be taken from Microsoft and added to username after saving new user. Username and email are required to be unique per user.
Password of Microsoft security standard is generated by default and can be copied. However it can be set also manually, but needs to meet the standard. On first login to Cloud, user will need to change the password.
Users can be edited and changes in user details are visible in Entra ID. Deactivating and activating users in User Management changes user status in Entra ID.
In a situation, that user exists in Entra ID and not in User Management, manually creating user with the same username will result in updating existing user in Entra ID with data provided in creating form.
New scoped permissions for managing users (RTC-44596)
New scoped permissions for managing users are added for the store role, to allow store managers to manage the employees of the store without being able to manage other stores personnel:
Users - View Users and Manage Users
The permissions can be saved /modified for the role, as well as assigned to the user. The permissions does not have affect on users actions yet.
System parameters user interface (RTC-42543)
The system parameters view is available for User Management. To access this view and edit values in it, user needs following permission: User management administrator-->Manage system parameters. The system parameters view contains two parameters for now: User language, responsible for what interface language is displayed to users by default, and Content language, responsible for what language the content will be displayed in.
Import group hierarchy to User Management ((RTC-43950)
Item hierarchy has been imported into User Management, and the IdentityService database has been expanded with 3 new tables:
User is exported when modifying the user access level (RTC-43671)
When a user is updated via the UI and the only change is the store access at the user level, the user is exported. The store access is then updated in the BackOffice
Fix: Store roles can be assigned on stores, when user has access to profile/team (RTC-43909)
If the user has access to the profile or team level, they can assign a store role on stores, belonging to this profile/team.
Fix: User invited from external AAD cannot sign in (RTC-43253)
When guest user in one directory is invited to EG directory, they're is correctly created in AAD and database. Such user can sign in to Cloud Chain Web.
Async API documentation (RTP-35539)
The new async API documentation has been added: AvailableBlobEvent publish with its blob type variants and AvailableBlobEvent subscribe. Additionally, file processing information has been included: FileProcessInfo.