To make the job of your infrastructure easier you may want to follow my next piece of advice. When un-packaging a Commerce PUP you get four Web Services to manage your commerce engine. Each Web Service has a different Authorization XML store. Let’s find out what Authorization Manager is.
Authorization Manager (commonly known as AzMan) is a new general-purpose, role-based security architecture for Windows. AzMan is not tied to COM+, so it can be used in any application that needs role-based authorization. Using Authorization Manager, you can define roles and the tasks those roles can perform. You can nest roles to inherit characteristics from other roles, and you can define application groups. In addition, Authorization Manager lets you use scripts to modify permissions dynamically, and it allows you to wrap your security logic in a security policy that can be stored in Active Directory or an XML file. Authorization Manager also includes an easy-to-use API for running access checks. Commerce Server only supports the security policy to be stored in an XML file.
Managing four different AzMan XML files can be difficult to manage. In order to simplify this, we need to merge all files into one AzMan XML Store.
The following is an example of the AzMan XML Store of the Catalog Web Service.
Note that the AzApplication node holds all the information required by AzMan to perform its’ internal policy actions. So we need to create a new XML file then copy the AzApplication node of every Web Service XML file.
Now you can manage one file rather than four different store to ease administration.