Catalog System Security Checklist
We recommend that you follow these steps to set up and help secure the Catalog System:
Install Commerce Server 2009. For information about how to install Commerce Server 2009, see the Commerce Server 2009 Installation and Configuration Guide at https://go.microsoft.com/fwlink/?LinkId=139462.
Assign write permissions to the catalog authorization policy. For information about how to assign write permissions to the authorization policy, see How to Assign Write Permissions to the Authorization Policy.
If you are migrating an existing site to Commerce Server 2009, you must update the authorization policy. For information about how to update the authorization policy, see How to Update the Catalog Authorization Policy.
How to Define New Catalog Roles. Commerce Server grants these users access to the features in Catalog Manager.
If you create a catalog or add languages to catalog then you should add the appropriate users to the catalog set. For example, if you create a catalog you might want to assign users to the CatalogEditor role. Similarly, when you add a new language, you might want to assign users to the CatalogTranslator role. For information about how to add the appropriate users to the authorization policy roles, see Adding Windows Users to the Authorization Policy Roles.
If you create a property then you must update the catalog authorization policy to make sure that the scope for that property is created. For information about how to update your authorization policy, see How to Update the Catalog Authorization Policy.