Access Control Dashboard

Hi,

I would like to secure the admin dashboard. I can use any of the Access Control to give permission to the dashboard, for instance I could use Manage Global Settings to control the access to the dashboard.
Please could somebody help me to understand how the security is enabled in the administration page? I could not figure it out.

-Thanks,

Joel.

jdupont wrote:
Apparently to get access to administration (and dash board), the customer besides having a role that gives access to the functions defined in his, it has to be defined as Is administrator (admin>customers>manage customers>add new/edit>customer info tab)

Thanks Edouard for you reply. Unfortunately I could not find a way in the configuration on NOPcommerce to secure the admin dashboard. Basically I created a customer and I gave him content manager role. Content Manager role in my case gives only "Manage Blog" customer action. With just this action in his role, this customer can still see the Dashboard content. I think it is a bug.
So I would like to secure the dashboard page by adding some code, but I cannot figure it out how the administration page are secured, if somebody could explain, that would help me a lot.

Follow the next steps:
1. Connect to your SQL Server and execute the following command:

IF NOT EXISTS (
    SELECT 1
    FROM [dbo].[Nop_CustomerAction]
    WHERE [SystemKeyword] = N'ManageDashboard')
BEGIN
  INSERT [dbo].[Nop_CustomerAction] ([Name], [SystemKeyword], [Comment], [DisplayOrder])
  VALUES (N'Manage Dashboard', N'ManageDashboard', N'',20)
END
GO

2. Open your solution
3. Open \NopCommerceStore\Administration\Default.aspx.cs file
4. Add the following code:

protected override bool ValidatePageSecurity()
        {
            return this.ACLService.IsActionAllowed("ManageDashboard");
        }

5. Recompile the solution

Then follow the advice of eadameg above

You are the best Andrei.
Thanks, your instructions are very clear, perfect.