description	Commands for managing Business Manager access roles, user assignments, and permissions on B2C Commerce instances.

BM Roles Commands

Commands for managing instance-level Business Manager access roles on B2C Commerce instances. These are distinct from Account Manager roles which manage roles at the Account Manager level.

Authentication

BM roles commands require OAuth authentication with OCAPI permissions for the /roles resource.

Required OCAPI Permissions

Resource	Methods
`/roles`	GET
`/roles/*`	GET, PUT, DELETE
`/roles/*/users`	GET, PUT, DELETE

Configuration

export SFCC_CLIENT_ID=your-client-id
export SFCC_CLIENT_SECRET=your-client-secret

For complete setup instructions, see the Authentication Guide.

b2c bm roles list

List all Business Manager access roles on an instance.

Usage

b2c bm roles list [--count <n>] [--start <n>]

Flags

Flag	Description
`--count`, `-n`	Number of roles to return (default 25)
`--start`	Start index for pagination (default 0)

Uses global instance and authentication flags.

Examples

b2c bm roles list --server my-sandbox.demandware.net
b2c bm roles list --count 50 --json

b2c bm roles get

Get details of a specific access role.

Usage

b2c bm roles get <role> [--expand <expansion>]

Arguments

Argument	Description
`role`	Role ID (e.g. "Administrator")

Flags

Flag	Description
`--expand`, `-e`	Expansions to apply (e.g. `users`, `permissions`). Can be specified multiple times.

Examples

b2c bm roles get Administrator
b2c bm roles get Administrator --expand users
b2c bm roles get Administrator --json

b2c bm roles create

Create a new custom access role on an instance.

Usage

b2c bm roles create <role> [--description <text>]

Arguments

Argument	Description
`role`	Role ID to create

Flags

Flag	Description
`--description`, `-d`	Description for the role

Examples

b2c bm roles create ContentEditor --description "Role for content editors"
b2c bm roles create ContentEditor --json

::: warning Reserved role IDs ("Support", "Business Support") cannot be created. :::

b2c bm roles delete

Delete a custom access role from an instance.

Usage

b2c bm roles delete <role>

Arguments

Argument	Description
`role`	Role ID to delete

Examples

b2c bm roles delete ContentEditor

::: warning System roles (e.g. "Administrator") cannot be deleted. :::

b2c bm roles grant

Assign a user to an access role on an instance.

Usage

b2c bm roles grant <login> --role <role>

Arguments

Argument	Description
`login`	User login (email)

Flags

Flag	Description
`--role`, `-r`	Role ID to grant (required)

Examples

b2c bm roles grant user@example.com --role Administrator
b2c bm roles grant user@example.com --role ContentEditor --json

b2c bm roles revoke

Unassign a user from an access role on an instance.

Usage

b2c bm roles revoke <login> --role <role>

Arguments

Argument	Description
`login`	User login (email)

Flags

Flag	Description
`--role`, `-r`	Role ID to revoke (required)

Examples

b2c bm roles revoke user@example.com --role Administrator

b2c bm roles permissions get

Get permissions for an access role.

Usage

b2c bm roles permissions get <role> [--output <file>]

Arguments

Argument	Description
`role`	Role ID (e.g. "Administrator")

Flags

Flag	Description
`--output`, `-o`	Write full permissions JSON to a file for editing

Examples

# View summary
b2c bm roles permissions get Administrator

# Export to file for editing
b2c bm roles permissions get Administrator --output admin-perms.json

# Get raw JSON
b2c bm roles permissions get Administrator --json

b2c bm roles permissions set

Set (replace) all permissions for an access role from a JSON file.

Usage

b2c bm roles permissions set <role> --file <path>

Arguments

Argument	Description
`role`	Role ID

Flags

Flag	Description
`--file`, `-f`	JSON file containing permissions (`role_permissions` schema) (required)

Examples

# Export, edit, then apply
b2c bm roles permissions get MyRole --output perms.json
# ... edit perms.json ...
b2c bm roles permissions set MyRole --file perms.json

::: warning This command replaces all existing permissions for the role. Use permissions get --output first to ensure you have the complete set. :::

Permissions JSON Structure

The JSON file follows the OCAPI role_permissions schema with four sections:

{
  "functional": {
    "organization": [{"name": "PERMISSION_NAME", "type": "functional", "value": "ACCESS"}],
    "site": []
  },
  "module": {
    "organization": [{"application": "bm", "name": "ModuleName", "type": "module", "system": true, "value": "ACCESS"}],
    "site": []
  },
  "locale": {
    "unscoped": [{"locale_id": "default", "type": "locale", "value": "ACCESS"}]
  },
  "webdav": {
    "unscoped": [{"folder": "Catalogs", "type": "webdav", "value": "ACCESS"}]
  }
}

FilesExpand file tree

bm-roles.md

Latest commit

History

bm-roles.md

File metadata and controls

BM Roles Commands

Authentication

Required OCAPI Permissions

Configuration

b2c bm roles list

Usage

Flags

Examples

b2c bm roles get

Usage

Arguments

Flags

Examples

b2c bm roles create

Usage

Arguments

Flags

Examples

b2c bm roles delete

Usage

Arguments

Examples

b2c bm roles grant

Usage

Arguments

Flags

Examples

b2c bm roles revoke

Usage

Arguments

Flags

Examples

b2c bm roles permissions get

Usage

Arguments

Flags

Examples

b2c bm roles permissions set

Usage

Arguments

Flags

Examples

Permissions JSON Structure