Vulnerability in EPiServer.Forms
I'm trying to find an option to restrict a few tabs in Commerce based on user role/permission.
Is that something available Out of the box from the new Commerce 14 or something we have created?
You can restrict access to areas such as order, marketing, catalogs based on certain virtual roles as described here https://docs.developers.optimizely.com/customized-commerce/docs/authorization-and-authentication
we have a similar request to restrict some commerce pages for user/group. Can this be done in CMS or do we need to do this programatically?