This topic introduces the Customer Management system in Optimizely Customized Commerce. This is a central component that lets you work with organizations, contacts, and Commerce Manager users. From Customer Management, you also can create purchase orders for a customer account.
The following image illustrates Customer Management and the relationship among the various objects, and different types of relationships between Business Foundation (BF) objects. See [Meta-class references](🔗).
**Contact** – Individual with a set of personalized information (name, address, email, and so on). A contact can be a customer or a user with Commerce Manager permissions to manage one or more systems.
**Organization** – Group or sub-group of contacts.
**Commerce Manager User** – User with an assigned role that provides access to the Commerce Manager site.
Commerce manager user role management is done from Permissions for functions in the Optimizely Content Management System (CMS) Admin view.
Classes in this topic are available in the following namespaces:
## Customer groups
Customer groups target multiple Customers and Organizations for pricing and promotions. Both the Customer and the Organization expose their own CustomerGroup information, and the Customer has a derived property, called EffectiveCustomerGroup, that combines the two with the priority on the Organization value. See [Customer groups](🔗).
EffectiveCustomerGroup is used in pricing and promotions instead of the regular CustomerGroup. The EffectiveCustomerGroup returns the CustomerGroup of the parent Organization, if the CustomerContact belongs to a parent Organization that belongs to a CustomerGroup. Otherwise, EffectiveCustomerGroup returns its own group.
## Child organizations
Use EntityObject to access an organization's child organizations, a core BF object. The EntityObject is an important base class for CustomerContact, Organization, and any custom business objects you create. EntityObject has only a PrimaryKeyId property to retrieve the full organization object from the CustomerContext singleton.
## Security fundamentals
Primary mechanism for configuring authorization.
Stand-alone method of providing an authorization scheme.
Configured through the Commerce Manager GUI.
Role names are hard-coded strings, meaning that code using roles for authorization needs to have semantic knowledge of the role meaning.
Each role can have associated permissions.
Allow for more complex roles.
Usage is primarily designed for the Commerce Manager UI.
Commerce Manager has no UI to create, edit, or delete custom permissions. You must do this manually.
The permissions infrastructure allows for more complex permission management. However, work is required to implement a custom security system with roles, permission hierarchies, and logic.
### Security API
The CustomerProfile class extends the System.Web.Security.CurrentUserProfile and contains login information.
The State property indicates whether a user is logged in.
The SecurityContext singleton contains methods to check the roles and permissions associated with a user.
Permissions are used heavily in the Commerce Manager to distinguish complex rights and to lock down a view in the catalog system to be read-only for some users while giving write access to admin users.
**Example:** Using SecurityContext.