Authorization Manager Policy Access

After you unpack the Business Management applications, the authorization policies are extracted as the following files:

• CatalogAuthorizationStore.xml

• MarketingAuthorizationStore.xml

• ProfilesAuthorizationStore.xml

• OrdersAuthorizationStore.xml

In order to update the catalog scopes in the policies dynamically, for example, when the user creates or deletes a catalog, you must assign the ASP.NET worker process write access to the authorization policy files.

You can use a different authorization policy by changing the authorizationPolicyPath attribute in the Web.config file that is associated with the Business Management Web service as shown in the following example:

<CommerceServer>
<catalogWebService siteName="CSharpSite" authorizationPolicyPath="CatalogAuthorizationStore.xml" debugLevel="Production" fileUploadDirectory="%windir%\temp" maxChunkSize="1024" maxUploadFileSize="204800" timeOutHours="24" enableInventorySystem="true" disableAuthorization="false">
</catalogWebService>
</CommerceServer>

In This Section

• How to Assign Write Permissions to the Authorization Policy

• Adding Windows Users to the Authorization Policy Roles

• How to Add Users to the CatalogPropertyContentEditors Group

• How to Define New Catalog Roles

• How to Disable Authorization in Commerce Server 2007