Authorization Manager Policy Access

For the latest version of Commerce Server 2007 Help, see the Microsoft Web site.

After you unpack the Business Management applications, the authorization policies are extracted as the following files:

• CatalogAuthorizationStore.xml

• MarketingAuthorizationStore.xml

• ProfilesAuthorizationStore.xml

• OrdersAuthorizationStore.xml

In order to update the catalog scopes in the policies dynamically, for example, when the user creates or deletes a catalog, you must assign the ASP.NET worker process write access to the authorization policy files.

You can use a different authorization policy by changing the authorizationPolicyPath attribute in the Web.config file that is associated with the Business Management Web service as shown in the following example:

<CommerceServer>
<catalogWebService siteName="CSharpSite" authorizationPolicyPath="CatalogAuthorizationStore.xml" debugLevel="Production" fileUploadDirectory="%windir%\temp" maxChunkSize="1024" maxUploadFileSize="204800" timeOutHours="24" enableInventorySystem="true" disableAuthorization="false">
</catalogWebService>
</CommerceServer>

In This Section

• How to Assign Write Permissions to the Authorization Policy

• Adding Windows Users to the Authorization Policy Roles

• How to Add Users to the CatalogPropertyContentEditors Group

• How to Define New Catalog Roles

• How to Disable Authorization in Commerce Server 2007