How to Authorize Members of a Security Group to Update the Cache
You can help increase security for cache update operations by creating a security group to contain the users who can update the site cache. You can then update the Web.config file to indicate that only members of the security group are authorized to update the cache.
To authorize members of a security group to update the cache
Open Computer Management.
In the Computer Management window, click Groups.
On the Action menu, click New Group.
In the New Group dialog box, in the Group text box, type a name for the new group, such as CacheRefresh_SG.
In the Description text box, type a description of the new group, such as User accounts that can update the site cache.
Click Add.
In the Select Users, Computers, or Groups dialog box, type the account under which the Staging service runs. Typically, this is <domain>\CSStageSvc. Click OK to add the account to the group.
Repeat steps 5 and 6 to add the following accounts to the new group:
The account under which the Catalog Web service runs. Typically, this is <domain>\CatalogWebSvc.
The account under which the Marketing Web service runs. Typically, this is <domain>\MarketingWebSvc.
The account under which the Orders Web service runs. Typically, this is <domain>\OrdersWebSvc.
The account under which the Profiles Web service runs. Typically, this is <domain>\ProfilesWebSvc.
Click Create.
Edit the Web.config file at the virtual root of the Web site by adding the following XML statements in the configuration element:
<location path="SiteCacheRefresh.axd"> <system.web> <authorization> <allow roles=".\CacheRefresh_SG"/> <deny users="*" /> </authorization> </system.web> </location>Note
Replace CacheRefresh_SG with the name of the new group.
Repeat step 9 to edit the Web.config file at the virtual root of each Web service that is being used for your site. Typically, these are the Catalog Web service, Marketing Web service, Orders Web service and Profiles Web service.