Keeping Credit Card Details hidden from an admin role

From AbleCommerce Wiki
Jump to: navigation, search

You can change the permissions in the web.config file under the Admin/Payments folder. For example if you have Order Manager with the access to view the Credit Card details. Here is the web.config file with Order Manger in the allowed roles

<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
  <system.web>
    <authorization>
      <allow roles="System,Admin,Jr. Admin,Manage Orders" />
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

You can restrict the Order Manager so that he/she can't see the credit card information as bellow by just removing the Manage Orders from the allowed roles

<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
  <system.web>
    <authorization>
      <allow roles="System,Admin,Jr. Admin" />
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

Reference

Originally posted in forums by Judy Estep http://forums.ablecommerce.com/viewtopic.php?f=42&t=8422