Overview of Business Desk Security

Article
11/12/2009

The only default Business Desk user account is the BizDesk administrators group. Upon installation of a Business Desk application, this group account initially consists of the users in the Administrators group for the Web server on which the Business Desk application is installed.

A member of the BizDesk administrators group has all permissions, and can add other users.

It is recommended that you perform the following steps to secure your Business Desk application for use by business managers. For detailed instructions, see Deploying Commerce Server Using Windows Authentication.

Create Windows group accounts, and add Business Desk users to the appropriate group account. At minimum, it is recommended that you create three group accounts (shown here with sample account names):
- BDGroup account. Assign all Business Desk users.
- ReportAdvanced account. Assign users who are going to save, modify, and delete dynamic reports.
- SegmentViewer account. Assign users who are going to use the Segment Viewer module.
Run the Commerce Server security scripts on the Commerce Server databases to create database roles with the appropriate permissions for Business Desk users.
Assign the Business Desk group accounts to the appropriate database roles.
Add the Business Desk group accounts to the Permissions module, and then grant members of the domain the appropriate permissions to use Business Desk.

The Business Desk Permissions module provides security for the Business Desk user interface. It does not secure the Web server or the Commerce Server databases.
On each computer that has Business Desk client installed, enable Integrated Windows Authentication in Internet Explorer.
For Business Desk users who need to run reports from the other side of a firewall, see Accessing the Analysis Server over HTTPS.

In addition to the above steps, you must secure BDRefresh.asp, RefreshApp.asp, and Opt-Out.asp.

Overview of Business Desk Security

See Also

Additional resources