This content is archived. See latest version here

This document provides an introduction to the Customer Management system, a central part where you can add individual organizations, contacts, and Commerce Manager users. From Customer Management you can also create purchase orders for each individual customer account.


  • Organizations - groups or sub-groups of contacts.
  • Contacts - individuals with a certain set of personalized information (name, address, email, etc.). Contacts can be customers or users with Commerce Manager permissions to manage one or more systems.
  • Commerce Manager User - this is a user with an assigned role which provides access to the Commerce Manager site.

Classes referred to here are available in the following namespaces:

Customer management design

The image below provides an overview of the design of Customer Management and the relationship between the various objects. You can create different types of relationships between Business Foundation Objects, refer to the Meta Class References under Business Foundation, section for more information.

Customer Management Overview

Customer groups

Customer groups provide a way to target multiple Customers and Organizations for pricing and promotions. Both the Customer and the Organization expose their own CustomerGroup information, and the Customer has derived property called the EffectiveCustomerGroup which combines the two with the priority on the Organization value. Please see the specific documentation on Customer Groups for additional information.

In pricing and promotions, EffectiveCustomerGroup is used instead of the regular CustomerGroup. The EffectiveCustomerGroup returns the CustomerGroup of the parent Organization, if the CustomerContact belongs to a parent Organization that belongs to a CustomerGroup, or its own otherwise.

Child organizations

To access the child organizations of an organization, you must use EntityObject, a core Business Foundation object. The EntityObject is an important base class for CustomerContact, Organization, and any custom business objects you create. EntityObject has only a property named PrimaryKeyId that you can use to retrieve the full organization object from the CustomerContext singleton.

Example: retrieving organization object

List<Organization> PartnerOrganizations = new List<Organization>(); 
            foreach (object child in PartnerOrganization.GetChildren()) 
              EntityObject obj = child as EntityObject; 
              Organization org = CustomerContext.Current.GetOrganizationById(obj.PrimaryKeyId.Value); 

              if (org != null) 

Security fundamentals


  • Roles are the primary mechanism for configuring authorization.
  • Roles are a stand-alone method of providing an authorization scheme.
  • Roles are configured through the Commerce Manager GUI.
  • Role names are hard coded strings, meaning that code using roles for authorization needs to have semantic knowledge of the role meaning.
  • Each role can have associated permissions.


  • Permissions allow for more complex roles.
  • Permission usage is primarily designed for the Commerce Manager GUI.
  • There is currently no Commerce Manager GUI to create, edit, or delete custom permissions, this must be done manually.
The permissions infrastructure allows for more complex permission management. However, work is required to implement a custom security system with roles, permission hierarchies, and logic.

Security API

  • The CustomerProfile class extends the System.Web.Security.CurrentUserProfile.
  • The CustomerProfile class contains login information.
  • The State property indicates if a user is logged in.
  • The SecurityContext singleton contains methods to check the roles and permissions associated with a user.
  • Permissions are used heavily in the Commerce Manager to distinguish complex rights.
  • Using permissions you can lock down a view in the catalog system to be read-only for some users and give write access to admin users.


Example: Using SecurityContext methods

// Allows you to check whether a user is in a role. 
            // CheckUserInAnyGlobalRoles() 
            // "GlobalRoles" really just means any role (built-in or custom). 

            if (!SecurityContext.Current.CheckUserInGlobalRole(SecurityContext.Current.CurrentUser, "Asset Viewers")) 
              // Add your logic here for handling insufficient permissions. 

            // Allows you to check whether the current user is in a role. 
            // CheckCurrentUserInAnyGlobalRoles() 

            List<SecurityRole> secure = new List<SecurityRole>(); 
            secure.Add(new SecurityRole("Asset Viewers")); 

            if (!SecurityContext.Current.CheckCurrentUserInAnyGlobalRoles(secure)) 
              // Add your logic here for handling insufficient permissions. 

Last updated: Oct 21, 2014