| Purchase journey - key steps | Object/Field access | Required access level | Why | Risk |
|---|---|---|---|---|
| 1. Browse catalog | Product Price list | View all* | User needs to be able to browse through all products from the product catalog and see the associated prices. | A competitor may download the full product catalog and price list. |
| 2. Add item to cart | Order | CRU** own | User needs to create a cart, and add items to it, as they go through their purchase journey. Prices need to be applied to the cart items with discounts as required. | A user may bypass business controls and directly update the values in the cart such as the number of products or the total price. |
| 3. Apply promotion | Promotion | View all / Modify all | Promotions need to be applied to the cart. If they are specific to a user, they then need to be invalidated. | A user may look at all the promotions available and apply the most favorable to them. They may even update the records to make themselves eligible. |
| 4. Register | Account/Contact | CRU own | Before creating a new account, the system need to check for an existing one and potentially update any existing records. | A user may access the whole customer base and see sensitive information. |
| 5. Credit check | Credit rating | RU own | In some cases involving recurring payments, the merchant may check the customer credit rating before processing the purchase and update it on the customer record. | A user may assign themselves a fraudulent credit rating. |
| 6. Finalize order | Order | RU own | Cart needs to be finalized before being sent to fulfilment | A user may update the cart after it has been finalized and corrupt the data. |
*View All, Modify All permissions have a greater level of access than typical CRUD access. See: https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/users_profiles_view_all_mod_all.htm
**CRU Abbreviations C = Create, R = Read, U = Update