November 11 2010, 15:03

Episerver CMS User Roles and Commerce Manager Account Roles

Hi,

I have installed Episerver commerce sp1 and sample site package, tried to create a contact and an account for that contact. By default, in commerce manager,  you see Registered and Everyone roles. I have assigned "Admins" role to that contact. After that, i wanted to check if i see same at EpiServer CMS User Information (Admin Mode -> Search User/Group, select that account) page. But no, "Member of" listbox is empty!

Anyone has any idea about that? I do/configure something wrong or a bug or by design?

Best regards,

Aytek


  • November 11 2010, 16:51
    Content is edited
    Content removed by user
  • November 11 2010, 17:27
    Content is edited

    If I create user with the CMS with any roles, it inserts rows into aspnet_UsersInRoles table and user is not visible as a contact(or anywhere) in Commerce Manager. if i create user/contact from Commerce Manager and assign any roles, it inserts rows into Security_RoleAssignment table (no rows for the contact in aspnet_UsersInRoles table). So it seems nothing gets synchronized except user/membership records.

    Btw for the default admin user there are rows both in aspnet_UsersInRoles and Security_RoleAssignment tables (which is the expected behaviour I guess).

    Since Commerce Manager checks Security_RoleAssignment table, it doesn't make any sense if i create user/assign roles from Episerver CMS and will deny access to any commerce manager page.

    So what is the correct way to use with Episerver Commerce? Maybe manually creating an insert trigger for aspnet_usersinroles table and inserting records to Security_RoleAssignment?

    Thanks, Aytek

  • November 12 2010, 8:59

    I think it's by design in Commerce SP1, the Cms userRoles and Commerce userRoles are managed seperately. If you want that, you must do it manually. In next release version of Commerce, it will have synchronization feature to achieve this goal.

  • May 28 2012, 12:58

    I used [mc_Security_RoleAssignmentInsert] to insert the value manually - other wise it gave me access denied message when trying to access commerce server.

  • February 4 2014, 13:50

    Hello,

    Sandeep's workaround is also the solution over here.

    In case anybody needs it, here are the SQL scripts:

    1. first figure out the user id that you need to grant admin access to

    SELECT UserId FROM aspnet_Users u where UserName like 'nikolaos%'

    2. then, using that GUID from the previous select, execute mc_security_roleAssignmentInsert

    DECLARE @RC int
    DECLARE @SecurityRoleAssignmentId uniqueidentifier
    DECLARE @RoleParticipant uniqueidentifier
    DECLARE @Role nvarchar(4000)
    DECLARE @Scope nvarchar(max)
    DECLARE @CheckMode int
    DECLARE @IsOnlyForOwner bit

    -- TODO: Set parameter values here.

    SET @SecurityRoleAssignmentId = NEWID()
    SET @RoleParticipant = 'this is where you paste the guid from the previous select'
    SET @Role = 'Admins'
    SET @Scope = NULL
    SET @CheckMode = 0
    SET @IsOnlyForOwner = 0

    EXECUTE @RC = mc_Security_RoleAssignmentInsert
    @SecurityRoleAssignmentId
    ,@RoleParticipant
    ,@Role
    ,@Scope
    ,@CheckMode
    ,@IsOnlyForOwner
    GO

    and good luck!

     

First   1   Last