CMS Page Security

Many pages in KommerceServer are database-driven and inherit their access based on the security set for the Application Object(s) related to the page. For example, the series of checkout pages related to the ShopCart object in the WebStore application. Therefore, the user must have create, retrieve, update, and delete access to the ShopCart object in order to have full capabilities throughout the checkout process. A CMS Page which has static content does not relate to any particular object in KommerceServer and is presumed to be accessible by every role by default.

In either case, the normal access to the page is determined by KommerceServer but you can deny access to the page for one or more roles. However, if KommerceServer determines the normal access to a database-driven page is not allowed, you cannot override the page security without enabling access to the related Application Object(s).

To edit security on pages, click the Edit Page Permissions command on the CMS tool bar.

A modal dialog window will show you the current security settings by role. The first two columns in the grid show the role and the normal access to the page as determined by KommerceServer.

The third column can be used to deny access to the page for a particular role. To do this, you click the Deny column cell and select the checkbox to set the value to true. Keep in mind that you can only deny access to those roles that have been granted.

You cannot grant access to those pages that have been denied access initially through the Object Security layer.