Technical stuff, technology

  You can setup the website in your local environment and use the DnSpy tool to debug to any library   without its source code.    Please refer the belows steps to know how to debug with DnSpy: 1- Download the dnSpy ( https://github.com/dnSpy/dnSpy/releases/tag/v6.1.8 )  to your computer and  Run the dnSpy.exe as Administrator 2- Select Debug > Attach to Process, choose  w3wp.exe or iisexpress.exe 3- Select Debug > Windows > Modules tab window, search the customer DLL filename and copy the file path. This path is the actual the assembly runs in IIS website. Depend on your case, choose the *.dll file 4- Open this Dll file path in dnSpy, go to the class / method we want to debug () 5- Set the Breakpoint and start Debug like in the Visual Studio

In some cases, you uploaded an asset through Service API. And then you want to update its properties later. You can create a custom endpoint to implement it and we want to reuse the authentication, routing  of ServiceAPI: https://github.com/KhanhPham2411/Episerver-util-api/blob/master/service-api/ItemAssetController using EPiServer.ServiceApi.Configuration; using EPiServer.ServiceApi.Validation; using EPiServer.ServiceApi.Commerce.Controllers.Catalog; using ControllerBase = EPiServer.ServiceApi.Commerce.Controllers.Catalog.ControllerBase; using AuthorizePermissionAttribute = EPiServer.ServiceApi.Configuration.AuthorizePermissionAttribute; using EPiServer.ServiceApi.Commerce; using Foundation.Features.Media; using EPiServer.DataAccess; using EPiServer.Security; using System.Configuration.Provider; namespace Foundation.Custom {     [Route("episerverapi/commerce")]     [RequireHttpsOrClose]     [ValidateReadOnlyMode(AllowedVerbs = HttpVerbs.Get)]   ...

It's the CommerceUIMenuProvider that controls the general menu access, you can configure it in appsettings.json: (Compared to Commerce 13: <add name="CatalogManagers" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="CommerceSales" mode="Any" />) Common roles are: WebAdmins, WebEditors... In case you want to create an access group that enables access to only: Customers Order management Reports As the image below: we could use ReportManagers, CustomerManagers, CustomerServiceRepresentatives:  

  To access Commerce Manager site, we need grant access core:mng:login To access Payment: 3.  Allowing access permision to Order Management left side tabs Notes: The virtual roles only affect front-end site not Commerce manager The functions only affect Commerce Manager not front-end site