Web Service authorization
Web Service Administrator Role Assignments
The following table lists the Web services and their corresponding authorization stores and administrator roles. You must assign each Web service account to the corresponding authorization role.
|
Authorization Store |
Role |
Account Assignments |
|---|---|---|
|
CatalogAuthorizationStore.xml |
Administrator |
CatalogWebSvc, <CS Installer> |
|
MarketingAuthorizationStore.xml |
MarketingAdministrator |
MarketingWebSvc, <CS Installer> |
|
OrdersAuthorizationStore.xml |
OrdersAdministrator |
OrdersWebSvc, <CS Installer> |
|
ProfilesAuthorizationStore.xml |
ProfileAdministrator |
ProfilesWebSvc, <CS Installer> |
After you assign write permissions to the authorization stores, assign users to the administrator roles for each Web service. This is necessary to perform any operation in the Business Management applications. By adding <CS Installer> to each administrator role, you can open and use each Business Management application.
BizTalk Adapters Role Assignments
The following table lists the role assignments that must have the BizTalk adapters identity CSLOB added to them.
|
Authorization Store |
Role |
Description |
|---|---|---|
|
CatalogAuthorizationStore |
CatalogAdministrator |
Gives the catalog adapter permission to import catalog changes and export catalogs. |
|
MarketingAuthorizationStore |
InventoryAdministrator |
Gives the inventory adapter permission to import inventory catalog changes and export inventory catalogs. |
|
OrdersAuthorizationStore |
OrdersAdapter |
Enables the orders adapter to perform all basic functions, such as Update Purchase Order, Save Purchase Order, Accept Basket, Orders Query, and Orders Export. |
|
ProfilesAuthorizationStore |
UserObject, ProfileWriter_Adapter |
Enables the profiles adapter to update profile objects when it uses the following operations: Profile Delete, Profile Update, Profile Import, Profile Query, and Profile Export. |
Additional User Groups for Granular Security
The following sections list the various authorization roles that are predefined for the Commerce Server systems. For each authorization role of interest, create an associated user group on the domain controller, and add business user accounts to the user group as needed.
Catalog and Inventory Systems
Marketing System
Orders System
Profiles System
For each user group that you create, you must assign the groups to authorization roles through the Authorization Manager. For more information, see Authorizing Users and Groups to Access Web Services.
Catalog and Inventory Systems
The following table lists the predefined authorization roles for the Catalog System and the Inventory System.
|
Role |
Description |
|---|---|
|
CatalogAdministrator |
Members can manage the Catalog System. |
|
CatalogViewer |
Members have read access to the Catalog System. |
|
CatalogManager |
Members can manage all the catalogs in the Catalog System. |
|
SchemaManager |
Members can manage the catalog and inventory schema, including property, category, and product definitions. |
|
CatalogSetsAdministrator |
Members can manage all the catalog sets. |
|
CatalogSetsViewer |
Members can view all the catalog sets in the Catalog System. |
|
InventoryAdministrator |
Members can manage the Inventory System. |
|
InventoryViewer |
Members can view all the catalogs in the Inventory System. |
|
InventorySynchronizationManager |
Members can synchronize the run-time Inventory System with the management system. |
|
Administrator |
Members can manage the Catalog System and the Inventory System. |
Marketing System
The following table lists the predefined authorization roles for the Marketing System.
|
Role |
Description |
|---|---|
|
MarketingAdministrator |
Members have full access to every operation in the Marketing System. |
|
MarketingApprover |
Members can approve or reject marketing items, such as campaigns, discounts, and expressions. |
|
MarketingAuthor |
Members can create marketing-related items, such as customers, campaigns, discounts, and expressions. |
|
MarketingViewer |
Members can view and search marketing items, such as campaign event logs. |
|
GlobalExpressionAuthor |
Members can create, edit, and delete global expressions across multiple discounts. |
|
RuntimeSiteManager |
Members can refresh the Discounts and Advertisements caches of the run-time site. |
Orders System
The following table lists the predefined authorization roles for the Orders System.
|
Role |
Description |
|---|---|
|
OrdersAdministrator |
Members can manage data integrity and cleanup issues. |
|
OrdersConfigurationEditor |
Members can manage orders configuration data for the site. |
|
OrdersViewer |
Members have read access to view orders. |
|
OrdersAdapter |
Members can search orders for order processing and updates. |
Profiles System
The following table lists the predefined authorization roles for the Profiles System.
|
Role |
Description |
|---|---|
|
ProfileAdministrator |
Members have complete access to the Profiles System. |
|
ProfileWriter_BusinessManager |
Members of this scope-level role have access to the profile definition within the scope. There are six profile definitions: UserObject, Address, Organization, BlanketPO, CreditCard, and Currency. |
|
ProfileWriter_CSR |
Members of this scope-level role have access to the profile definition within the scope. |
|
ProfileWriter_Adapter |
Members of this scope-level role have access to the profile definition within the scope. |