Access to Commerce tab in episerver

Vote:
 

Hey,

I would like to create user accounts for the sales group which can have the full access to following view in episerver (Commerce part).

Commerce tab 
- Catalog 
- Marketing 
- Commerce Manger (every view excepts "Administration")

I tried with CommerceAdmins role but it doesn't work if the user is not WebAdmins or Administrators.

Which administer groups shall the sales be member of?

Do I need to create a new role for this scenario? If so, any suggestions?

Thanks, 

ChiChing

#199265
Nov 22, 2018 10:07
Vote:
 

You would have to create a new group, and assign these permissions to it 

Except any permission with ":admin:" part (which corresponding to Administration part in Commerce Manager) 

Then create virtual roles and assign it to your new group 

For catalog - CatalogManagers

For Marketing - MarketingManagers

#199279
Nov 22, 2018 11:34
Vote:
 

Thank you for your quick response Quan!

I have created a group calls "CommerceSales" and edit in the Permission for Functions.

I am not sure if I created virtual role correctly. Would you like to check in the screenshots?

  • created a VirtualRoleInitializer class
  • created a virtual role "CommerceSalesRole

How do I assgin CommerceSalesRole to the new group CommerceSales?

#199296
Nov 22, 2018 13:05
Vote:
 

Add these to <episerver.framework>/<virtualRoles>/<providers>

<add name="CatalogManagers" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="CommerceSales" mode="Any" />
<add name="MarketingManagers" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="CommerceSales" mode="Any" />

#199298
Nov 22, 2018 13:13
Vote:
 

Do you know why the GetDefault is incorrect? 

Do I need to add any logic to IsInVirtualRole method?

public override bool IsInVirtualRole(IPrincipal principal, object context)
{
throw new NotImplementedException();
}

#199301
Nov 22, 2018 13:46
Vote:
 

Hi

I just want to to add that there is a section in the user documentation that describes how to set up access rights to different views in Commerce. You can find it here, http://webhelp.episerver.com/latest/commerce/access-rights.htm.

Edit: There should be no need for you to create your own virtual role type. The only thing that matters is that the user is part of a role with the names that you can see in documentation above. If that is a role provided by our virtual role type mapped role, or just a role from the AD, or anywhere else, doesn't matter. The system only does an is in role check for any role by that name.

Regards

Per Gunsarfs

#199302
Edited, Nov 22, 2018 13:52
Vote:
 

No, you don't have to, just add the virtual roles as I suggested.

If you want to create the virtual roles progammatically, you are doing it wrong. You would have to use context.Locate.Advanced.GetInstance<IVirtualRoleRepository>() to get an instance of the virtual role repository, and continue from there. 

#199305
Nov 22, 2018 14:33
Vote:
 

Yes. I have added the virtual  roles to the web.config.

<add name="CatalogManagers" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="CommerceSales" mode="Any" />
<add name="MarketingManagers" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="CommerceSales" mode="Any" />

Unfortunately I still couldn't log in with the user account that I created.

Do I miss anything else? 

BR, 

ChiChing

#199312
Nov 22, 2018 14:55
Vote:
 

Did you mean you can't login to CM? Did you assign core:mng:login permission to that account? 

#199316
Nov 22, 2018 15:17
Vote:
 

I mean I couldn't log in to ../Util/login.aspx

Yes, I assigned core:mng:login permission to CommerceSales.

#199318
Nov 22, 2018 15:28
Vote:
 

By default that path is only allowed to specific roles WebEditors, WebAdmins, Administrators. Your account was logged in successfully, but was denied access so the framework asks for login a gain.

You would have to add the roles here

<location path="episerver">
<system.web>
<httpRuntime maxRequestLength="1000000" requestValidationMode="2.0" />
<pages enableEventValidation="true" enableViewState="true" enableSessionState="true" enableViewStateMac="true">
<controls>
<add tagPrefix="EPiServerUI" namespace="EPiServer.UI.WebControls" assembly="EPiServer.UI" />
<add tagPrefix="EPiServerScript" namespace="EPiServer.ClientScript.WebControls" assembly="EPiServer.Cms.AspNet" />
<add tagPrefix="EPiServerScript" namespace="EPiServer.UI.ClientScript.WebControls" assembly="EPiServer.UI" />
</controls>
</pages>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<authorization>
<allow roles="WebEditors, WebAdmins, Administrators" />
<deny users="*" />
</authorization>

#199322
Nov 22, 2018 15:42
Vote:
 

Thank you so much Quan! It works :)

#199364
Nov 23, 2018 12:59
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.