Export (0) Print
Expand All

How to Add a User Group to an Authorization Policy Role

Commerce Server 2009

You use user groups to add an "allow/deny" set of users access to a particular role by creating basic groups or using a Lightweight Directory Access Protocol (LDAP) query. Follow these steps to add a user group to an Authorization policy role.

To add a user group to a role

  1. Click Start, click Run, type azman.msc, and then click OK.

  2. In the Authorization Manager screen, right-click Authorization Manager, and then click Open Authorization Store.

  3. In the Open Authorization Store dialog box, verify that the XML file option is selected, and then click Browse to move to where the authorization policy for your catalog Web service is located, for example, <drive>:\Inetpub\wwwroot\CatalogWebService.

  4. Select CatalogAuthorizationStore.xml, click Open, and then in the Open Authorization Store dialog box, click OK.

  5. Expand the Authorization Policy to \CatalogAuthorizationStore.xml\ProductCatalogSystem\Groups.

  6. Right-click the Groups node, and then click New Application Group.

  7. In the New Application Group dialog box, type the name and description of the new group.

  8. Under Group type, select Basic or LDAP query, and then click OK.

    If you select LDAP query, do the following:

    • Right-click <Group name>, and then click Properties.

    • In the <Group name> dialog box, on the Query tab, type the name of the LDAP query, and then click OK.

    If you select Basic, do the following:

    • Right-click <Group name>, and then click Properties.

    • On the Members tab, click Add Application Groups.

    • Select the groups to add as members, and then click OK.

    • On the Non Members tab, click Add Application Groups.

    • Select the groups to add as non-members, and then click OK.

  9. In the <Group name> dialog box, click OK.

Dd452318.alert_note(en-US,CS.90).gifNote:

If you want to deny a set of users access to a particular role, you create a basic group, add all the users as non-members of the group, and then add the group to the appropriate role.

Show:
© 2014 Microsoft