Icecat User Access Management Policies

By

Icecat offers different access policies for the users of the Icecat data. This post describes the key elements of our user access management.

1. Introduction

This policy aims to prevent unauthorized access to Icecat’s cloud systems. In addition, the policy describes the registration and de-registration process for Icecat information systems and services. This policy applies to brand users, channel partners, Icecat staff, and system integrators.

2. Definitions

Authorized Resellers

In case a product has the status “Publish: Limited,” its data is available only for so-called Authorized Resellers, users that are assigned to a specific brand, which the brand owner defines. The restrictions can go even further as a brand may give access to a particular product’s data sheet only to one specific user from its brand-specific predefined authorized reseller list.

Brand Restrictions

Brand Owners can define a syndication policy not just on the product level but also on the level of a Locale (country) for all products. Locale restrictions can also be set for just Open Icecat users or the whole Icecat user list via implied DRM. It can take into account blocking users from embargo countries.

Digital Rights Management (DRM)

Icecat offers brands Digital Right management (DRM) functionalities via its PIM. DRM is a set of functionalities to control which Icecat user is authorized to access and/or manage which information from which Locale.

On every product in the Icecat PIM, an editor can find the tab “publication restrictions” that shows what kind of restrictions are applied to the respective product.

Full Icecat and Open Icecat

Registration for Icecat is free, and any registered user can access the Open Icecat product catalog. The Open Icecat product catalog consists of the sponsoring brands’ product data for their channel partners based on the syndication policies of these client brands.

Icecat monitors the market based on connected distributor feeds and covers other products outside the Open Icecat catalog: the Full Icecat catalog with the product information for thousands of brands. Only Full Icecat users have access to the Full Icecat catalog.

IP Filtering

To get access, a user needs to white-list the IP(s) from which (s)he is accessing information, APIs, and applications. It can be managed via the user account or by account managers. And any changes need confirmation via a known communication address.

Locales

Icecat offers product information in 50+ different locales. Therefore, the access of Icecat users can be limited to specific locales. Furthermore, as each local corresponds to a particular country, we can translate such restrictions to country-level restrictions.

Account managers can set access to Locales.

Private

According to a brand’s syndication policy, products may have digital assets (e.g., images, videos, PDFs, RTBs) that can be set as “Private” so that they are only available to their Authorized Resellers.

Release Date

A brand can indicate a Release Date per Locale for a specific product or digital asset. However, only Authorized Resellers (or users) can access the product data before the Release Date.

The End of Live date is also locale-based and has only an informative function for users.

Two Factor Authentication (2FA)

Icecat has implemented Two Factor Authentication (2FA) to improve privacy protection and online security as additional protection of a user’s account. More details regarding this functionality can be found here.

Verticals

Access to the Icecat catalog can be limited for users to specific Verticals, i.e., the highest category level in Icecat’s taxonomy.

3. User Registration

New Users

Access to Icecat information services is controlled through a formal user registration process. A unique user ID identifies each user, and any action they take is logged. In addition, each account is secured by a password, 2FA (optional), and IP Filtering (mandatory).

Channel partners register solely through an online form, which provides them access to Open Icecat, the data of sponsoring brands of Icecat, released for free access to the public/market. Open Icecat users will not get access to product data that is not yet released or which is marked as Private in the DRM system conforming to the syndication policies of the respective brand to set Brand Restrictions, permissions for Authorized Resellers, Release Dates of digital assets, access to specified Locales, etc. Only when a brand owner’s representative has indicated a user as an Authorized Reseller the Icecat account manager will add this user privilege, and the respective user will get access to the Brand’s Private digital assets.

Icecat staff gets users’ accounts and privileges confirming their position, which are disabled when they change their work or leave Icecat. Icecat Admin user accounts are obliged to be secured by 2FA as well.

Brand users are linked by their Icecat account manager to their respective brands and can only access the brand’s product data in the Icecat PIM (back office).

The editor-in-chief controls the access level of Icecat editors. The COO (team) contains the access levels of brand users. Account managers verify and control the access levels of channel partners. Finally, the CTO (team) controls the access levels of developers.

Change of user requirements

Changed requirements will normally relate to an alteration to the applications used. Still, they may also involve Brand/Reseller authorizations, upgrades or downgrades of editor access authorizations, Open Icecat or Full Icecat subscription levels of channel partners, etc. Requests are directed to the respective team director or account manager.

Change requests from channel users (by far the largest user group) are received through the Icecat ticketing system.

Change of password

When a user has forgotten their password, the system supports them to request a new one without interference from the Icecat staff.

Deactivation of users

The cloud user accounts are never destroyed to be able to track historical information but can be deactivated. As soon as Icecat staff leave the company, all their accounts are deactivated. If Authorized Resellers are de-authorized by a brand, the additional access privilege will be removed from the brand record. If brand users change companies, their accounts are deactivated or assigned to a new brand editor.

Network accounts can be deleted.

Privilege management

 “Special privileges” are those allowed by the system manager or systems programmers, allowing access to a potentially sensitive area. The unnecessary allocation and use of special privileges are often found to be a major contributing factor to the vulnerability of systems that have been breached. The Tech Director must authorize privileged access. The Tech Director will maintain a master list of privileged accesses in use, which will be checked and confirmed by the COO on a three-month basis. The list will identify all separate logins for each system and service.

User password management

Users are advised to choose a so-called “strong” password. Additional IP Filtering is required for all users above the free Open Icecat user level. 2FA is required for users with Admin rights or the highest editorial privileges and recommended for others.

Review of user access rights

The COO will review all network access rights at least twice a year, designed to confirm all users positively. Any lapsed or unwanted logons, which are identified, will be disabled immediately and will be deleted unless positively reconfirmed. Annually, the COO will institute a review of access to applications, such as a user’s access to Full Icecat and specific Verticals. This will be done in cooperation with the application owner and will be designed to reconfirm all users positively. All other logons will be deleted/deactivated.

The review is conducted as follows.

  • The COO will generate a list of users by application.
  • An appropriate list will be sent to each application owner, who will be asked to confirm that all users identified are authorized to use the system.
  • The COO will ensure a response.
  • A user not confirmed will have their access to the system removed.
  • The COO will maintain a file of lists sent over, application owner responses, and a record of action taken. The review will normally be conducted quarterly.

Chief Operating Officer at Icecat

Leave a Reply

Your email address will not be published. Required fields are marked *

Icecat xml

Open Catalog Interface (OCI): Manual for Open Icecat XML and Full Icecat XML

This document describes the Icecat XML method of Icecat's Open Catalog Inte...
 November 3, 2019
Manual

Manual for Icecat Live: Real-Time Product Data in Your App

Icecat Live is a (free) service that enables you to insert real-time produc...
 June 10, 2022
Manual for Icecat CSV Interface

Manual for Icecat CSV Interface

This document describes the manual for Icecat CSV interface (Comma-Separate...
 September 28, 2016
 October 4, 2018
LIVE JS

How to Create a Button that Opens Video in a Modal Window

Recently, our Icecat Live JavaScript interface was updated with two new fun...
 November 3, 2021
Addons plugins

Icecat Add-Ons Overview. NEW: Red Technology

Icecat has a huge list of integration partners, making it easy for clients ...
 October 27, 2023
Manual

Manual for Open Icecat JSON Product Requests

JSON (JavaScript Object Notation) is an increasingly popular means of trans...
 September 17, 2018
 January 20, 2020
New Standard video thumbnail

Autheos video acquisition completed

July 21, Icecat and Autheos jointly a...
 September 7, 2021
Manual

Manual Personalized Interface File and Catalog from Icecat

With Icecat, you can generate personalized or customized CSV or Excel files...
 May 3, 2022