Authorizing Users and Groups to Access Commerce Core Systems Web Services

Applications such as Microsoft Commerce Server 2009 R2 Desktop Business Tools or the Commerce Server 2009 R2 BizTalk adapters use the Commerce Server Core Systems to access Commerce Resources stored in Commerce databases. Commerce Server 2009 R2 provides predefined authorization roles that you assign business users so that they can perform specific tasks such as editing a catalog, creating a discount, and deleting an order.

The information provided in this topic assumes that you have considered all topics under Planning Secure Access to Commerce Server 2009 R2 Resources and that you are familiar with the access requirements specific to your deployment.

Authorization Manager, which is a Windows Server security tool, provides a role-based security model that you use to set permissions. With role-based access control, you can set permissions according to the organizational structure of your company. For more information about Authorization Manager, see https://go.microsoft.com/fwlink/?LinkId=209520.

When you assign user accounts or groups to roles such as MarketingAdministrator or OrdersAdministrator, you enable users to perform any operation associated with the corresponding Commerce Server system. In addition, the Commerce Server Adapters service account, CSLOB, requires authorization role assignments.

Follow these steps to authorize accounts and groups to access Web services:

  1. Create the group that you want to assign to an authorization role. You can assign either Windows or Active Directory domain accounts and groups to the authorization roles. For a summary of the predefined roles, see the Managing Authorization Policies

  2. Add one or more users to the group you created in step 1. See How to Add Business User Accounts to Active Directory Groups.

  3. On the computer where the Web services are run, assign users or groups to the authorization roles by using Authorization Manager. See How to Add Users or Groups to Authorization Roles.

  4. If you are using Commerce Server Adapter for BizTalk Server, assign the CSLOB service account to its required authorization roles by using Authorization Manager. See How to Set Authorization Roles for the BizTalk Adapters.

  5. If you are using Commerce Server Health Monitoring Service, assign the CSHealthMonitorSvc service account to its required authorization roles by using Authorization Manager. See How to Set Authorization Roles for the Commerce Server Health Monitoring Service.
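After completing the steps above, the resulting role assignments can be reviewed from a script instead of the Authorization Manager console. The following PowerShell is an added example, not part of the original topic or of Commerce Server: it reads a store through the Windows AzRoles COM interface, and the store path and the list of "broad" principals are assumptions to adjust for your deployment.

```powershell
# Added example: read-only audit of role assignments in an Authorization Manager XML store.
param(
    # Placeholder (assumption): path to the store used by the Web service being audited.
    [string]$StorePath = 'C:\PLACEHOLDER\AuthorizationStore.xml',
    # Service accounts from steps 4 and 5; matched with or without a domain prefix.
    [string[]]$ServiceAccounts = @('CSLOB', 'CSHealthMonitorSvc'),
    # Assumption: principals considered too broad to hold a business role.
    [string[]]$BroadPrincipals = @('Everyone', 'Authenticated Users', 'Domain Users')
)

function Get-RoleAssignment($AppName, $ScopeName, $Roles) {
    foreach ($role in $Roles) {
        # MembersName returns the account names assigned to the role.
        $members = @($role.MembersName | Where-Object { $_ })
        if (-not $members) {
            # Keep empty roles in the report so unassigned roles are visible.
            [pscustomobject]@{ Application = $AppName; Scope = $ScopeName; Role = $role.Name; Member = $null }
        }
        foreach ($m in $members) {
            [pscustomobject]@{ Application = $AppName; Scope = $ScopeName; Role = $role.Name; Member = $m }
        }
    }
}

$store = New-Object -ComObject AzRoles.AzAuthorizationStore
$store.Initialize(0, "msxml://$StorePath", $null)   # 0 = open an existing store

$assignments = foreach ($app in $store.Applications) {
    Get-RoleAssignment $app.Name '(application)' $app.Roles
    foreach ($scope in $app.Scopes) {
        Get-RoleAssignment $app.Name $scope.Name $scope.Roles
    }
}
$assignments | Sort-Object Application, Scope, Role | Format-Table -AutoSize

# Flag roles held by very broad principals (compare on the name after the domain prefix).
$assignments |
    Where-Object { $_.Member -and (($_.Member -split '\\')[-1] -in $BroadPrincipals) } |
    ForEach-Object { Write-Warning "Broad principal '$($_.Member)' holds role '$($_.Role)' in '$($_.Application)'" }

# Report service accounts that hold no role in this store.
foreach ($svc in $ServiceAccounts) {
    if (-not ($assignments | Where-Object { $_.Member -and (($_.Member -split '\\')[-1] -eq $svc) })) {
        Write-Warning "Service account '$svc' has no role assignment in this store"
    }
}
```

Run it on the computer where the Web services run, once per authorization store. A missing service account warning matters only if you use the BizTalk adapters or the Health Monitoring Service.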
