Access to the "new" Catalog UI is granted to the roles "CommerceAdmins" and "CatalogManagers". CommerceAdmins is mapped to the roles "WebAdmins" and "Administrators", but that can be changed in the sites config files.
My suggestion is that you add a role called "CatalogManagers" and add any users that should have access to the catalog UI to that role. Then make sure that any user that shouldn't be able to access it isn't part of the mapped "CommerceAdmins" role. You can do that by changing(or even removing) the mapping configuration. The configuration should be in either web.config or EPiServerFramework.config.
One of our client requires that only a particular user/role could should have the access to manage the SKU's (and catalog entries).
In the Commerce Manager site, I could achieve this by creating a 'CatalogManager' role with only 'Catalog' tab to be visible.
However, from the CMS side, I could only see 3 roles : 'Administrators', 'WebAdmin', 'WebEditor'.
Is it possible to restrict access to the *new* Catalog Management UI on the CMS side based on roles defined on Commerce Manager?
The initial workaround I could think of is to create a new group 'CatalogManager' in the CMS side and set up some manual roles <location path="<adminUI>/commerce/catalog"> in the web.config file.
Is there a better way to achieve this restriction?