Role-based policies
The following are the role-based policies for each default role in WebSphere Commerce:
- AccountRepresentativesExecuteAccountRepresentativesViews
- AccountRepresentativesExecuteAccountRepresentativesCmdResourceGroup
- AllUsersExecuteAllSiteUserCmdResourceGroup
- AllUsersExecuteAllSiteUsersViews
- AllUsersExecuteResellerUserCmdResourceGroup
- AllUsersExecuteResellerUserViews
- BecomeUserCustomerServiceGroupExecutesBecomeUserCmdsResourceGroup
- BuyerAdministratorsExecuteBuyerAdministratorsViews
- BuyerAdministratorsExecuteBuyersAdministratorsCommands
- BuyerApproversExecuteBuyerApproversCmdResourceGroup
- BuyerApproversExecuteBuyerApproversViews
- Buyers(buy-side)ExecuteBuyers(buy-side)CommandsResourceGroup
- Buyers(buy-side)ExecuteBuyers(buy-side)Views
- Buyers(sell-side)ExecuteBuyers(sell-side)CommandsResourceGroup
- Buyers(sell-side)ExecuteBuyers(sell-side)Views
- CategoryManagersExecuteCategoryManagersCmdResourceGroup
- CategoryManagersExecuteCategoryManagersViews
- ChannelManagersExecuteChannelManagersCommands
- ChannelManagersExecuteChannelManagersViews
- CustomerServiceRepresentativesExecuteCustomerServiceRepresentativeViews
- CustomerServiceRepresentativesExecuteCustomerServiceRepCmdResourceGroup
- CustomerServiceSupervisorsExecuteCustomerServiceSupervisorViews
- CustomerServiceSupervisorsExecuteCustomerServiceSupervisorCmdResourceGroup
- CustomersExecuteCustomersViews
- LogisticsManagersExecuteLogisticsManagersCmdResourceGroup
- LogisticsManagersExecuteLogisticsManagersViews
- MarketingManagersExecuteMarketingManagerCmdResourceGroup
- MarketingManagersExecuteMarketingManagersViews
- OperationsManagersExecuteOperationsManagersCmdResourceGroup
- OperationsManagersExecuteOperationsManagersViews
- PickPackersExecutePickPackersCmdResourceGroup
- PickPackersExecutePickPackersViews
- ProcurementBuyersExecuteProcurementBuyersCmdResourceGroup
- ProductManagersExecuteProductManagersCmdResourceGroup
- ProductManagersExecuteProductManagersViews
- ReceiversExecuteReceiversCmdResourceGroup
- ReceiversExecuteReceiversViews
- RegisteredApprovedUsersExecuteRegisteredApprovedUsersCommandsResourceGroup
- RegisteredApprovedUsersExecuteRegisteredApprovedUsersViews
- RegisteredCustomersForOrgExecuteRegisteredUserCmdResourceGroup
- RegisteredCustomersForOrgExecuteRegisteredUserViews
- ReturnsAdministratorsExecuteReturnsAdministratorsCmdResourceGroup
- ReturnsAdministratorsExecuteReturnsAdministratorsViews
- SalesManagersExecuteSalesManagersCmdResourceGroup
- SalesManagersExecuteSalesManagersViews
- SellerAdministratorsExecuteSellerAdministratorsCommands
- SellerAdministratorsExecuteSellerAdministratorsViews
- SellersExecuteSellersCmdResourceGroup
- SellersExecuteSellersViews
- SiteAdministratorsCanDoEverything
- WorkspaceManagersExecuteWorkspaceManagersViews
- WorkspaceManagersExecuteWorkspaceManagersCmdResourceGroup
- AttachmentManagersExecuteAttachmentManagersCmdResourceGroup
- WorkspaceTaskgroupApproversExecuteWorkspaceTaskgroupApproversViews
- WorkspaceTaskgroupApproversExecuteWorkspaceTaskgroupApproversCmdResourceGroup
- WorkspaceContentContributorsExecuteWorkspaceContentContributorsViews
- WorkspaceContentContributorsExecuteWorkspaceContentContributorsCmdResourceGroup
The following table displays the role-based policies by role, access group, resource group, and view.
Notes:
- Most items in the table except for the Role column have been split across each cell for display purposes as they are lengthy.
- Not all of the roles shown in the following table are defined roles in WebSphere Commerce. See the notes following the table for details.
- The SiteAdministratorsCanDoEverything policy is a special default policy that grants super-user access to administrators with the Site Administrator role. In this policy, a Site Administrator can perform any action on any resource, even if those actions or resources have not been defined. It is important to be aware of this when assigning this role to users.
Table 1. Role-based policies by role, access group, resource group, and view Role Access Group used in role-based policies Resource Group used in role-based policies for Controller commands Action Group used in role-based policies for Views Account Representative Account Representatives AccountRepresentativesCmd ResourceGroup AccountRepresentatives Views All Users4 AllUsers ResellerUserCmd ResourceGroup5 ResellerUserViews5 AllSiteUserCmd ResourceGroup6 AllSiteUsersViews6 Buyer (buy-side) Buyers(buy-side) Buyers(buy-side) CommandsResourceGroup Buyers(buy-side)Views Buyer (sell-side) Buyers(sell-side) Buyers(sell-side) CommandsResourceGroup Buyers (sell-side)Views Buyer Administrator BuyerAdministrators BuyerAdministrators CommandsResource Group BuyerAdministrators Views Buyer Approver BuyerApprovers BuyerApproversCmd ResourceGroup BuyerApproversViews Category Manager CategoryManagers CategoryManagers CmdResourceGroup CategoryManagersViews Channel Manager ChannelManagers ChannelManagersCmd ResourceGroup ChannelManagersViews Customer Service Representative CustomerService Representatives CustomerService RepCmdResourceGroup CustomerService Representative Views Customer Service Supervisor CustomerService Supervisors CustomerService Supervisor CmdResourceGroup CustomerService SupervisorViews Guest1 Guests GuestUsersCmd ResourceGroup GuestUsersViews Logistics Manager LogisticsManagers LogisticsManagersCmd ResourceGroup LogisticsManagersViews Marketing Manager MarketingManagers MarketingManager CmdResourceGroup MarketingManagersViews Non-Rejected User3 NonRejectedUsers NonRejectedUserCommands ResourceGroup NonRejectedUsersViews Operations Manager OperationsManagers OperationsManagersCmd ResourceGroup OperationsManagersViews Pick Packer PickPackers PickPackersCmd ResourceGroup PickPackersViews Procurement Buyer ProcurementBuyers ProcurementBuyersCmd ResourceGroup n/a Product Manager ProductManagers ProductManagers CmdResourceGroup ProductManagersViews Receiver Receivers ReceiversCmdResourceGroup ReceiversViews Registered Approved User2 RegisteredApproved Users RegisteredApprovedUsers CommandsResourceGroup RegisteredApproved UsersViews Registered Customer (with OrgandAncestorOrgs role qualifier) Registered CustomersForOrg RegisteredUserCmd ResourceGroup RegisteredUserViews Returns Administrator ReturnsAdministrators ReturnsAdministratorsCmd ResourceGroup ReturnsAdministrators Views Sales Manager SalesManagers SalesManagersCmd ResourceGroup SalesManagersViews Seller Administrator Seller Administrators SellerAdministrators CommandsResourceGroup SellerAdministrators Views Seller Sellers SellersCmdResourceGroup SellersViews Site Administrator SiteAdministrators n/a n/a Workspace Manager WorkspaceManagers WorkspaceManagersCmdResourceGroup WorkspaceManagersViews Attachment Manager AttachmentManagers AttachmentManagersCmdResourceGroup n/a Workspace Taskgroup Approver WorkspaceTaskgroupApprovers WorkspaceTaskgroupApproversViews WorkspaceTaskgroupApproversCmdResourceGroup Workspace Content Contributors WorkspaceContentContributors WorkspaceContentContributorsViews WorkspaceContentContributorsCmdResourceGroup Notes:
- "Guest" is not a true role. Users who have a registration status set to "G" (the USER.REGISTERTYPE column is set to "G") implicitly belong to the Guests access group.
- "Registered Approved User" is not a true role. Users who have a registration status set to "R" (the USER.REGISTERTYPE column column is set to "R") and whose status is approved (the MEMBER.STATE column is set to 1 ) implicitly belong to the RegisteredApprovedUsers access group.
- "Non-Rejected User" is not a true role. Users whose registration status is not-rejected (MEMBER.STATE column is not set to 2) implicitly belong to the NonRejectedUsers access group.
- "All Users" is not a true role. All users in the system implicitly belong to the AllUsers access group.
- These action groups and resource groups belong to policies that are part of the B2CPolicyGroup. This policy group likely applies only to organizations that follow the B2C business model.
- These action groups and resource groups belong to policies that are part of the ManagementAndAdministrationPolicyGroup. This policy group likely applies to all organizations.
Related concepts
Roles mapped to business models
Related tasks
Customizing default access control policies
Related Reference
Default access control policies
Default access control policy groups
Examples: Customizing access control policies using the Organization Administration Console