Securing Business Desk Modules

Commerce Server Business Desk provides role-based security: Business Desk users can view and manage only those modules for which they are authorized. For example, if a group of users does not use the Catalog Designer module, you can prevent that module from appearing in the navigation pane when those users access Business Desk. After the site developer limits user access to a module, a user without permissions to the module will not see it.

Note that the ability to limit access to specific modules in Business Desk is not intended to prevent a malicious security violation. Rather, it prevents users from seeing Business Desk modules that are outside their areas of responsibility.

System administrators implement security. To secure a Business Desk module, the system administrator must set Windows Access Control Lists (ACLs) on the module Active Server Pages (ASP) files. For more information, see Security.

Notes

• If you secure one of the following modules, all the modules are secured by default: Publish Profiles, Publish Campaigns, and Publish Transactions.

• This feature does not limit access to specific data within Business Desk. To limit access to the data a user sees in Business Desk, contact your system administrator or site developer to implement security at the database level. For example, if you want to limit a Business Desk user to editing one specific catalog, your site developer can implement that security.

• If a user connects to Business Desk from the Internet via an unauthenticated session, Internet Explorer prompts for the user name, password, and domain name in order to authenticate the user for the Business Desk application.

See Also

Limiting Access to Business Desk Modules

Building Business Desk Modules

All rights reserved.