Authorizing users and groups to access web services
Commerce Server provides several predefined roles to which you assign business users so that they can perform specific tasks such as editing a catalog, creating a discount, and deleting an order.
Authorization Manager, which is a Windows Server security tool, provides a role-based security model that you use to set permissions. With role-based access control, you can set permissions according to the organizational structure of your company. For more information about Authorization Manager, see http://go.microsoft.com/fwlink/?LinkId=16923.
When you assign user accounts or groups to roles such as MarketingAdministrator or OrdersAdministrator, you enable users to perform any operation associated with the corresponding Commerce Server system. In addition, the Commerce Server Adapters service account, CSLOB, requires authorization role assignments.
Follow these steps to authorize accounts and groups to access Web services:
-
Create the group that you want to assign to an authorization role. You can assign both Windows or Active Directory domain accounts and groups to the authorization roles. See the following topics as needed:
-
For a summary of the predefined roles, refer to the "Additional User Groups for Granular Security" section in What are the required accounts and groups to create? .
-
-
Add one or more users to the group you created in step 1. See How to Add Business User Accounts to Active Directory Groups.
-
On the computer where the Web services are run, assign users or groups to the authorization roles by using Authorization Manager. For more information, go to How to add users or groups to authorization roles .
-
If you are using Commerce Server Adapters for BizTalk Server, assign the CSLOB service account to its required authorization roles by using Authorization Manager. For more information, go to How to set authorization roles for the BizTalk adapters.