Giving employees access to their employer’s account should be an easy task. Little did the team know when they started this project that the larger challenge lay in the backend. Earlier this year, eBay launched a new feature, Multi-user Account Access (MUAA), to help sellers scale their business and improve business efficiency without exposing their password and critical business information to designated users.
eBay users that are opted into Seller Hub can now navigate to the “Permissions” section under “Account Settings” in My eBay and grant other users access to their account to perform specific functions on their behalf.
How we made MUAA possible
Previously, sellers didn’t have a way to let other users access their account. To overcome this limitation, we considered several different implementation options, including:
- Creating sub-accounts under the seller’s account
- Creating different types of new users/accounts that could only perform limited tasks
- Linking a seller’s account to other users’ accounts in a way that permits them access to limited functionality only
Which approach to use?
The first two proposals were ruled out due to the massive amount of change they would have required to eBay’s underlying identity model and user flows. The development time and cost would have been prohibitive. The concept of sub-accounts didn’t exist in the eBay architecture, and all of eBay only understood the notion of single-identity-single-account. Likewise, creating limited-function accounts would have been a completely new concept, and would have required extensive changes across the entire site.
That left account linking via a permissions system as the most viable candidate. This was solved elegantly by adding an additional MUAA user context under the currently logged-in user account.
The main advantage of this approach is that the eBay ecosystem already knows how to deal with logged-in users. We didn’t have to change the entire site all at once to recognize the MUAA context for an account. We only needed to enhance the parts we wanted to enable with MUAA functionality, and we started with Seller Hub Listings. Since we’re using regular accounts, the rest of the site works just the same as it always did. Over time, we can increase the MUAA footprint to include many more Seller Hub capabilities, such as delegating order management, CRM, and even expanding beyond selling use cases. We could also expand it to the buying side for parent/child or teacher/student types of scenarios.
Since Seller Hub already provides a comprehensive and well-encapsulated selling experience, we were able to leverage its framework and deploy the MUAA experience within it. All Seller Hub users can delegate access to other users. We decided to start with a limited MUAA-enabled capability in the initial implementation, due to the complexity of introducing the concept of linked accounts. It provides the ability for delegated users to create and edit listing drafts, and/or to publish and revise listings. While the initial rollout is available to U.S.-based users only, we plan to expand to other countries soon.
When a delegatee logs in and switches to another user’s account, they see a limited view of their Seller Hub and can access only those functions to which they have been granted permissions.
Design
The main design principle of MUAA is to grant multiple users access to a single eBay account, with specified permissions granted by the owner of the account. We knew from the outset that we would need to build several new Identity-related capabilities to make the account linking approach work, so we started there.
Some of the key new Identity management components we built to enable MUAA include:
- Permissions catalog
- Permissions management and enforcement
- Account context switching and user session management
- Activity logging and reporting tools
- A way to invite users via email to access a seller’s account
- An email invitation acceptance mechanism
- A way to recognize existing eBay users when they sign in to eBay and route them accordingly to the desired MUAA experience
- A way to route new users to the registration flow, and then route them accordingly
- Adding MUAA specific navigation features to the My eBay and Seller Hub menus
- A way for sellers to view all the delegatee activities
The entire MUAA components system is built using a modern Java/Node.js tech stack, with some added eBay contextual frameworks. MUAA is built on a role/permission-based access control model on top of the existing eBay user architecture. The complete life cycle of MUAA was built from scratch and all the existing eBay platform business logic components were enhanced to understand the MUAA context.
We also needed to create the selling experience for MUAA delegates that mapped to their permissions level. That entailed:
- Providing limited views of the seller’s Seller Hub that matched their delegates' permissions levels
- Disabling some existing features of the listing flow to prevent delegates from changing key business settings
- Implementing a new banner in the page header to let a delegatee user know which account they were active in
- Implementing permission limitations in Seller Hub Listings tab UI
- Implementing behind the scenes limitations to prevent delegates from accessing functionality not granted to them
Technical Implementation
We have designed and built MUAA with specific principles in mind. These principles are at the core of the decision-making process for MUAA platform. Here are some of these principles:
- Do not reinvent the wheel and leverage existing systems as much as possible
- Make the MUAA experience easy for our users
- Make integrating with the MUAA platform easy for developers when adding new features
The MUAA journey starts with the seller inviting the employees to act on the seller account’s behalf:
- The seller sends an invitation to the email address the employee will use to access their account, with certain permissions specified.
- The employee ‘Accepts’ the invitation by clicking on a link in the email. If they already have an account using that email address, they log in and are taken to the employer’s Seller Hub Listings tab. If they don’t have an account, they land on the Registration page and create one with that email.
- Once logged into the employer’s Seller Hub, they can perform the activities the employer granted them permission to access.
The employer and employee each have a view of their account access status under the ‘Permissions’ section, and the employer can change permissions at any time. The changes take effect immediately.
When a MUAA-enabled employee is in Seller Hub, they see a blue-bordered banner informing them which account they are working on. This banner also provides links to switch back and forth between accounts.
The employee can switch back to their personal account.
Or, they can have access to more than one seller account, and switch between them too.
Sellers can view an employee’s activity on their account. They can see when invitations are accepted, when listings are published and revised, and they can filter searches on several criteria, such as Item ID or type of activity.
We have designed MUAA to be easy for eBay application developers to integrate with. Permissions can be integrated declaratively for all our application technology stacks. An eBay web application developer can specify the permission required for a resource through page metadata.
<parameters-Map>
<parameters keys=muaa.action_type">PERMISSION_EVALUATION</parameters>
<parameters keys=muaa.permissions">DRAFT_LISTING,PUBLISH_LISTING</parameters>
<parameters keys=muaa.permissions.operator">ANY</parameters>
<parameters keys=muaa.permissions.post_action_effect">CUSTOM_ERROR</parameters>
</parameters-Map>
And, a service developer can specify the permission required for the resource through annotations.
@PreAuthorize("hasRole('https://api.ebay.com/oauth/scope/sell@user') and hasPermission('DRAFT_LISTING')")
When an employee is acting on another account, MUAA components in eBay web/service application stacks populate the employee and seller account identifiers in user access context. Then, the permission enforcement system in the application stack evaluates the permission specified for the resource against the user access context. If the employee and seller accounts are associated for the specified permission, the employee is allowed to perform the corresponding activity on the site. The user access context is propagated/evaluated from the application layer to the service, and throughout the chain of services in the service layer. In the eBay ecosystem, there are a small number of web applications and services still utilizing legacy application stacks, and these are integrated with MUAA programmatically.
The data model and framework is built to support mapping between an account, delegatee, and permissions that has the capability of going as granular as down to the field level or as flexible as dynamically computing permissions based on rules. For instance, a seller could limit the listing actions of a delegatee by category, price or location. These permissions can be aggregated into roles for efficiency and ease of management. The foundation has been built to cater to all the use cases that sellers may bring up in the future to increase their productivity and take advantage of business opportunities.
eBay's sellers are excited about MUAA and have been eagerly awaiting it. We have kept their needs front and center. It has been designed and built to support scale, resiliency, performance and ease-of-use. And as we ramp MUAA up, permissions management, policy enforcement and activity logging will support hundreds of millions of calls on a daily basis.
For the first MUAA use case of Seller Hub Listings, changes were implemented across multiple technology stacks, and multiple technology generations, to seamlessly consume and validate the permissions and render the trimmed-down version of Seller Hub to delegatees. It was a complex undertaking that we’re very proud to have implemented successfully.
Adoption
Since we first announced MUAA at eBay Open 2019 in July, we’ve seen steady organic adoption of the feature in the U.S., and we plan to roll it out to sellers in other regions in the coming months. We’re delighted to be able to provide something that sellers have been requesting for a long time. They love what we’ve done with MUAA so far...and they want more!
“Love the new feature of the Multi User Account Access.”
“I really love how seamless it is to use. My employee is only able to make drafts as I want to review and make any final edits on the complete listing. I appreciate the fact that they can do the critical part without having full access to my site and risk being able to purchase things under my account, edit my PayPal (to ensure it’s going in my account), or see the volume of sales I have. Since they’re only able to make drafts, they can only see that aspect of eBay seller hub. It’s phenomenal.“
“It has made it easier for me to focus on other things for my business. This is the first time I have hired someone to create drafts for my account as I am a small time seller and I take a very hands on approach. Due to personal reasons, the last two weeks I was unable to work. I literally got over 20 drafts created while I was out of commission. I wish I had given my employee more items!”
“I really love this feature because the lister I am using now is someone I didn’t know before so I would hate to give her access to my entire account.”
Our sellers have also made it clear to us that there are other important selling tasks they want us to MUAA-enable, such as order management, shipping, returns, cancellations, and member messaging, and we’re planning to implement those in the near future.