It sounds like that is something to do with 11.6 when we added the catalog access rights feature. Make sure to set the access rights correctly to your users, and you should be fine:
https://world.episerver.com/blogs/Quan-Mai/Dates/2017/12/catalog-content-permission-handling/
You can assign the write access right to CatalogManagers like this
IContent content;
if (_contentLoader.TryGet<IContent>(_referenceConverter.GetRootLink(), out content))
{
var securableContent = (IContentSecurable)content;
var defaultAccessControlList = (IContentSecurityDescriptor)securableContent.GetContentSecurityDescriptor().CreateWritableClone();
defaultAccessControlList.AddEntry(new AccessControlEntry("CommerceManagers", AccessLevel.Create, SecurityEntityType.Role));
_contentSecurityRepository.Save(content.ContentLink, defaultAccessControlList, SecuritySaveType.Replace);
}
Then I would suggest you to contact developer support service. It sounds like something is wrong somewhere, it's just not easy to tell from this thread
I debugged into AccessControlList.QueryAccess() and noticed that the ACL has the wrong role - in your snippet it's CommerceManagers instead of CatalogManagers, that was the problem.
At the end I gave FullAccess to CatalogManagers, so there is no need to configure anything on Catalog, I put this in an InitializationModule, the code:
IContent content; if (contentLoader.TryGet(referenceConverter.GetRootLink(), out content)) { var securableContent = (IContentSecurable)content; var contentSecurityDescriptor = securableContent.GetContentSecurityDescriptor(); if (!contentSecurityDescriptor.Entries.Any(entry => entry.Name == "CatalogManagers" && entry.Access == AccessLevel.FullAccess && entry.EntityType == SecurityEntityType.Role)) { var defaultAccessControlList = (IContentSecurityDescriptor)contentSecurityDescriptor.CreateWritableClone(); defaultAccessControlList.AddEntry(new AccessControlEntry("CatalogManagers", AccessLevel.FullAccess, SecurityEntityType.Role)); contentSecurityRepository.Save(content.ContentLink, defaultAccessControlList, SecuritySaveType.Replace); } }
Thanks for your help!
Hi,
We updated our project to the newest Commerce 12.14 from Commerce 11.2.3. After that, users with role CatalogManagers, but without CommerceAdmins can see the Catalog in Catalog Editor UI, but everything is read-only, the user cannot create any new entry or modify an existing one. In the previous version CatalogManagers had write access to the catalog as well.
If I assign the user CommerceAdmins role as well, it can edit the catalog. I have checked the role-configuration and security configuration in UI and everything is correct and like in the old version, there is no difference.
What could cause this change of behavior and how could it be solved? I have debugged, and the user gets the CatalogManagers claim, but apparently it is not enough.
Thank you in advance!