Securing Business Desk Modules
Commerce Server Business Desk provides role-based security: Business Desk users can view and manage only those modules for which they are authorized. For example, if a group of users does not use the Catalog Designer module, you can prevent that module from appearing in the navigation pane when those users access Business Desk. After the site developer limits who can access a module, a user without permissions to the module will not see it.
The ability to limit access to specific modules in Business Desk is not intended to prevent a malicious security violation. Rather, it prevents users from seeing Business Desk modules that are outside their areas of responsibility.
Contact your system administrator to implement security. To secure a Business Desk module, your system administrator must set Windows Access Control Lists (ACLs) on the module Active Server Pages (ASP) files. For more information, see "Security" in the Business Desk Architecture section of Commerce Server 2000 Help.
.gif "Ee823678.note(en-US,CS.10).gif")
Notes
If you secure one of the following modules, all the modules are secured by default: Publish Profiles, Publish Campaigns, and Publish Transactions.
This feature does not limit access to specific data within Business Desk. To limit access to the data a user sees in Business Desk, contact your system administrator or site developer to implement security at the Commerce Server database level. For example, if you want to limit a Business Desk user to editing one specific catalog, your site developer can implement that security.
If a user connects to Business Desk from the Internet via an unauthenticated session, Internet Explorer prompts for the user name, password, and domain name in order to authenticate the user for the Business Desk application.