Authorizing Users and Groups to Access Web Services

Commerce Server 2009 provides several predefined roles to which you assign business users so that they can perform specific tasks such as editing a catalog, creating a discount, and deleting an order. Authorization Manager, which is a Windows Server security tool, provides a role-based security model that you use to set permissions. With role-based access control, you can set permissions according to the organizational structure of your company. For more information about Authorization Manager, see https://go.microsoft.com/fwlink/?LinkId=16923.

When you assign user accounts or groups to roles such as MarketingAdministrator or OrdersAdministrator, you enable users to perform any operation associated with the corresponding Commerce Server system. In addition, the Commerce Server Adapters service account, CSLOB, requires authorization role assignments.

Follow these steps to authorize accounts and groups to access Web services:

  1. Create the group that you want to assign to an authorization role. You can assign both Windows or Active Directory domain accounts and groups to the authorization roles. See the following topics as needed:

  2. Add one or more users to the group you created in step 1. See How to Add Business User Accounts to Active Directory Groups.

  3. On the computer where the Web services are run, assign users or groups to the authorization roles by using Authorization Manager. See How to Add Users or Groups to Authorization Roles.

  4. If you are using Commerce Server Adapter for BizTalk Server, assign the CSLOB service account to its required authorization roles by using Authorization Manager. See How to Set Authorization Roles for the BizTalk Adapters.

  5. If you are using Commerce Server Health Monitoring Service, assign the CSHealthMonitorSvc service account to its required authorization roles by using Authorization Manager. See How to Set Authorization Roles for the Commerce Server Health Monitoring Service.

In This Section