If you have downloaded the VPC of the CS 2009 RTM VPC image from Connect, you may have noticed that the Business Tools do not exactly work. Reason ? Well, quite simply, they were not configured with Azman.
Even after setting up the web services in each of the prompts you will need to use Azman to configure both read and edit access to be able to play around with the AdventureWorks catalog.
To do this quickly, you can simply follow the instructions for Azman on the old CS 2007 Starter Site instructions here.
Or use the excerpt I have here:
Step 3: Add Windows groups to the administrator authorization rolesStep 1: Create the business management administrator Windows groups
If you have already created a business management administrator group and the same users will access the Starter Site, you can skip this step. However, if you have a different set of users for the Starter Site, you must create different business management administrator groups.
For instructions about how to create a local Windows group, see "To create a local group" in Windows Help. You must create four administrator groups: ssCatalogAdminGroup, ssMarketingAdminGroup, ssProfilesAdminGroup, and ssOrdersAdminGroup.
Note |
---|
These represent the minimum number of Windows groups to define. For descriptions about each predefined role, see "Managing Authorization Policies" in Commerce Server 2007 Help. |
Follow these steps to create the local Windows groups for business management administrators.
On the desktop, right-click My Computer, and then click Manage.
On the Computer Management screen, under System Tools, expand Local Users and Groups.
Right-click Groups, and then click New Group.
In the New Group dialog box, do the following:
Use this To do this Group name
Type the group name.
Description
Optionally, type a description for this group account.
Add
Click Add to select members to add to the group.
Add all user accounts that you want to the administrative group.
Click Create.
Repeat steps 4 and 5 for the other required administrator groups.
Click Close.
Click the Groups folder and verify that the following groups are in the list:
- ssCatalogAdminGroup
- ssMarketingAdminGroup
- ssProfilesAdminGroup
- ssOrdersAdminGroup
- ssCatalogAdminGroup
Step 2: Add users to the business management administrator Windows groups
Follow these steps to add users to the administrator groups you created in step 1. At a minimum, add your account, the <CS Installer> account, to each administrator group. You do this so that you will be able to open the Business Management applications after you install them.
On the desktop, right-click My Computer, and then click Manage.
On the Computer Management screen, under System Tools, expand Local Users and Groups.
Click Groups.
In the right pane, right-click one of the Groups that you created in step 1, for example, ssCatalogAdminGroup, and then click Properties.
In the <Group Name> Properties dialog box, click Add.
In the Enter object name to select box, type the name of the user account that you want to add to the administrator group. Click Check Names to verify the name is an authorized account, and then click OK.
Repeat Steps 5 and 6 for each user account that you want to add to the selected administrator group.
Click OK to close the Properties dialog box.
Repeat Steps 4 through 8 for each administrator group.
Step 3: Add Windows groups to the administrator authorization roles
You use Authorization Manager to add individual users or user groups to a role. Authorization Manager, a Windows Server 2003 security tool, provides a role-based security model that you use to set permissions. With role-based access control, you specify access control in relation to the organizational structure of your company. For more information about Authorization Manager, see
The following table lists the minimum set of authorization roles, and their corresponding authorization stores, that you must define.
Authorization Store | Authorization Role |
---|---|
CatalogAuthorizationStore.xml | Administrator |
MarketingAuthorizationStore.xml | MarketingAdministrator |
OrdersAuthorizationStore.xml | OrdersAdministrator |
ProfilesAuthorizationStore.xml | ProfileAdministrator |
Follow these steps to add business users or groups to the authorization roles.
Click Start, click Run, type azman.msc, and then click OK.
In the Authorization Manager screen, right-click Authorization Manager, and then click Open Authorization Store.
In the Open Authorization Store dialog box, verify that the XML file option is selected, and then click Browse to locate the authorization policy for the Web service. For example, the catalog authorization policy XML file is located at <drive:>\Inetpub\Wwwroot\ssCatalogWebService.
Select <authorization policy name>.xml, and then click Open.
In the Open Authorization Store dialog box, click OK.
Expand the authorization policy to \<authorization policy name>.xml\<System name>\Role Assignments\<Role name>. For example, \CatalogAuthorizationStore.xml\CatalogandInventorySystem\Role Assignments\CatalogAdministrator.
Right-click <Role name>, and then click Assign Windows Users and Groups.
In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select box, type the name of the catalog administrator Windows group that you defined in the previous procedure, for example, ssCatalogAdminGroup. Alternatively, you can also type the name of an individual business user account. Click OK.
Repeat steps 2 through 8 for each authorization role in each Web service authorization store. When complete, you will have defined the following:
Authorization Store Authorization Role Administrator Group CatalogAuthorizationStore.xml
Administrator
ssCatalogAdminGroup
MarketingAuthorizationStore.xml
MarketingAdministrator
ssMarketingAdminGroup
OrdersAuthorizationStore.xml
OrdersAdministrator
ssOrdersAdminGroup
ProfilesAuthorizationStore.xml
ProfileAdministrator
ssProfilesAdminGroup
No comments:
Post a Comment