You would have to create a new group, and assign these permissions to it
Except any permission with ":admin:" part (which corresponding to Administration part in Commerce Manager)
Then create virtual roles and assign it to your new group
For catalog - CatalogManagers
For Marketing - MarketingManagers
Thank you for your quick response Quan!
I have created a group calls "CommerceSales" and edit in the Permission for Functions.
I am not sure if I created virtual role correctly. Would you like to check in the screenshots?
How do I assgin CommerceSalesRole to the new group CommerceSales?
Add these to <episerver.framework>/<virtualRoles>/<providers>
<add name="CatalogManagers" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="CommerceSales" mode="Any" />
<add name="MarketingManagers" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="CommerceSales" mode="Any" />
Do you know why the GetDefault is incorrect?
Do I need to add any logic to IsInVirtualRole method?
public override bool IsInVirtualRole(IPrincipal principal, object context)
{
throw new NotImplementedException();
}
Hi
I just want to to add that there is a section in the user documentation that describes how to set up access rights to different views in Commerce. You can find it here, http://webhelp.episerver.com/latest/commerce/access-rights.htm.
Edit: There should be no need for you to create your own virtual role type. The only thing that matters is that the user is part of a role with the names that you can see in documentation above. If that is a role provided by our virtual role type mapped role, or just a role from the AD, or anywhere else, doesn't matter. The system only does an is in role check for any role by that name.
Regards
Per Gunsarfs
No, you don't have to, just add the virtual roles as I suggested.
If you want to create the virtual roles progammatically, you are doing it wrong. You would have to use context.Locate.Advanced.GetInstance<IVirtualRoleRepository>() to get an instance of the virtual role repository, and continue from there.
Yes. I have added the virtual roles to the web.config.
<add name="CatalogManagers" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="CommerceSales" mode="Any" />
<add name="MarketingManagers" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="CommerceSales" mode="Any" />
Unfortunately I still couldn't log in with the user account that I created.
Do I miss anything else?
BR,
ChiChing
Did you mean you can't login to CM? Did you assign core:mng:login permission to that account?
I mean I couldn't log in to ../Util/login.aspx
Yes, I assigned core:mng:login permission to CommerceSales.
By default that path is only allowed to specific roles WebEditors, WebAdmins, Administrators. Your account was logged in successfully, but was denied access so the framework asks for login a gain.
You would have to add the roles here
<location path="episerver">
<system.web>
<httpRuntime maxRequestLength="1000000" requestValidationMode="2.0" />
<pages enableEventValidation="true" enableViewState="true" enableSessionState="true" enableViewStateMac="true">
<controls>
<add tagPrefix="EPiServerUI" namespace="EPiServer.UI.WebControls" assembly="EPiServer.UI" />
<add tagPrefix="EPiServerScript" namespace="EPiServer.ClientScript.WebControls" assembly="EPiServer.Cms.AspNet" />
<add tagPrefix="EPiServerScript" namespace="EPiServer.UI.ClientScript.WebControls" assembly="EPiServer.UI" />
</controls>
</pages>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<authorization>
<allow roles="WebEditors, WebAdmins, Administrators" />
<deny users="*" />
</authorization>
Hey,
I would like to create user accounts for the sales group which can have the full access to following view in episerver (Commerce part).
Commerce tab
- Catalog
- Marketing
- Commerce Manger (every view excepts "Administration")
I tried with CommerceAdmins role but it doesn't work if the user is not WebAdmins or Administrators.
Which administer groups shall the sales be member of?
Do I need to create a new role for this scenario? If so, any suggestions?
Thanks,
ChiChing