As same as CMS, you can set up access roles for Commerce via code in startup or in appSettings. json. The option setting name for commerce access is CommercePolicy". I do not find the document about Commerce Policy settings. Here is the detail:
Hi Iliyas
By default, any user with CommerceAdmins claim have access to all parts of the Commerce UI. I your user do not have any access, it might not have the role claim.
Can you confirm that you user does in fact have CommerceAdmins as a claim? Hit a breakpoint in any given controller action and check that User has a claim with CommerceAdmins.
Thanks Binh Nguyen Thi. Where did you find this custompolicy list? can you share the link? will check with support how to override default value.
Hi Stefan, I checked User has CommerceAdmins role. Also checkUserInRole("CommerceAdmins") and its returnoing true. As CommerceAdmins is virtual Role not default role. It needs to be i guess added as Virtual Role. Found this https://docs.developers.optimizely.com/customized-commerce/docs/authorization-and-authentication
But There is example given on how to add virtual roles and its in complete.
Hi,
I do not find document for Commerce Policy section. I noted by myself when looking in code core. You can override default value by setting in Startup file as following:
services.Configure<CommercePolicyOptions>(options => options.CommerceAdminRoles = new string[] { "Administrators", "CommerceAdmins", "SomeCustomeRole" });
Or in AppSettings.json as following:
"EPiServer": {
"Commerce": {
"CommercePolicy": {
"CommerceAdminRoles": ["Administrators", "CommerceAdmins", "SomeCustomerRole"]
}
}
}
If the user gets the CommerceAdmins role from Auth0, then no virtual role is needed.
Do you have claims synchronization running upon returning from Auth0 authentication? The code that is shown in "options.Events.OnSignedIn" event in the code samples.
Hi,
I am able to fix this by adding CommerceAdmins Role in EditRoles of CMSPolicy settings.
Thanks Stefan and Binh Nguyen Thi for taking out time looking into this issue. Binh Nguyen Thi thanks for details about CommercePolicy as this will help further assigning different access. Unfortunately I am not able to find more details about this policy setting on Optimizely site. I am even not able to find the link for the list of policy on website which u have shared.
Hi,
Nice to hear that. Yeah, I cannot find any document relates to CommercePolicy. I thought that you could access to cms edit but could not access to commerce edit. If you even cannot access to cms edit then yes, we need to set access to CMS first via CmsPolicy. By default, only CmsAdmins, Administrators, CmsEditors could access to cms edit mode as this link for cms policy guide https://docs.developers.optimizely.com/content-management-system/docs/configuring-cms
Hi,
We have recently migrated our CMS 11 and Commerce 13 application to CMS 12 & Commerce 14.
We are authenticating user with Auth0 and CommerceAdmins role has been added through claims. However user with CommerceAdmins roles not getting any access to Commerce edit mode as mentioned in below article
https://support.optimizely.com/hc/en-us/articles/4413192098573-Access-rights-for-Commerce-Connect
Also previously in ASP.net MVC in webconfig we have option to provide access to certain groups/roles to location for example
<location path="episerver/Commerce">
<system.web>
<authorization>
<allow roles="Administrators, CommerceAdmins, SomeCustomeRole" />
<deny users="*" />
</authorization>
</system.web>
</location>
How to achieve the same in current .net core version?
Any help with solution on CommerceAdmins Roles access and the location tag in new .net core version would be helpful!