Role-based policies

The following are the role-based policies for each default role in WebSphere Commerce:

The following table displays the role-based policies by role, access group, resource group, and view.

Notes:

  1. Most items in the table except for the Role column have been split across each cell for display purposes as they are lengthy.

  2. Not all of the roles shown in the following table are defined roles in WebSphere Commerce. See the notes following the table for details.

  3. The SiteAdministratorsCanDoEverything policy is a special default policy that grants super-user access to administrators with the Site Administrator role. In this policy, a Site Administrator can perform any action on any resource, even if those actions or resources have not been defined. It is important to be aware of this when assigning this role to users.

Table 1. Role-based policies by role, access group, resource group, and view
Role Access Group used in role-based policies Resource Group used in role-based policies for Controller commands Action Group used in role-based policies for Views
Account Representative Account Representatives AccountRepresentativesCmd ResourceGroup AccountRepresentatives Views
All Users4 AllUsers ResellerUserCmd ResourceGroup5 ResellerUserViews5
AllSiteUserCmd ResourceGroup6 AllSiteUsersViews6
Buyer (buy-side) Buyers(buy-side) Buyers(buy-side) CommandsResourceGroup Buyers(buy-side)Views
Buyer (sell-side) Buyers(sell-side) Buyers(sell-side) CommandsResourceGroup Buyers (sell-side)Views
Buyer Administrator BuyerAdministrators BuyerAdministrators CommandsResource Group BuyerAdministrators Views
Buyer Approver BuyerApprovers BuyerApproversCmd ResourceGroup BuyerApproversViews
Category Manager CategoryManagers CategoryManagers CmdResourceGroup CategoryManagersViews
Channel Manager ChannelManagers ChannelManagersCmd ResourceGroup ChannelManagersViews
Customer Service Representative CustomerService Representatives CustomerService RepCmdResourceGroup CustomerService Representative Views
Customer Service Supervisor CustomerService Supervisors CustomerService Supervisor CmdResourceGroup CustomerService SupervisorViews
Guest1 Guests GuestUsersCmd ResourceGroup GuestUsersViews
Logistics Manager LogisticsManagers LogisticsManagersCmd ResourceGroup LogisticsManagersViews
Marketing Manager MarketingManagers MarketingManager CmdResourceGroup MarketingManagersViews
Non-Rejected User3 NonRejectedUsers NonRejectedUserCommands ResourceGroup NonRejectedUsersViews
Operations Manager OperationsManagers OperationsManagersCmd ResourceGroup OperationsManagersViews
Pick Packer PickPackers PickPackersCmd ResourceGroup PickPackersViews
Procurement Buyer ProcurementBuyers ProcurementBuyersCmd ResourceGroup n/a
Product Manager ProductManagers ProductManagers CmdResourceGroup ProductManagersViews
Receiver Receivers ReceiversCmdResourceGroup ReceiversViews
Registered Approved User2 RegisteredApproved Users RegisteredApprovedUsers CommandsResourceGroup RegisteredApproved UsersViews
Registered Customer (with OrgandAncestorOrgs role qualifier) Registered CustomersForOrg RegisteredUserCmd ResourceGroup RegisteredUserViews
Returns Administrator ReturnsAdministrators ReturnsAdministratorsCmd ResourceGroup ReturnsAdministrators Views
Sales Manager SalesManagers SalesManagersCmd ResourceGroup SalesManagersViews
Seller Administrator Seller Administrators SellerAdministrators CommandsResourceGroup SellerAdministrators Views
Seller Sellers SellersCmdResourceGroup SellersViews
Site Administrator SiteAdministrators n/a n/a
Workspace Manager WorkspaceManagers WorkspaceManagersCmdResourceGroup WorkspaceManagersViews
Attachment Manager AttachmentManagers AttachmentManagersCmdResourceGroup n/a
Workspace Taskgroup Approver WorkspaceTaskgroupApprovers WorkspaceTaskgroupApproversViews WorkspaceTaskgroupApproversCmdResourceGroup
Workspace Content Contributors WorkspaceContentContributors WorkspaceContentContributorsViews WorkspaceContentContributorsCmdResourceGroup
Notes:

  1. "Guest" is not a true role. Users who have a registration status set to "G" (the USER.REGISTERTYPE column is set to "G") implicitly belong to the Guests access group.

  2. "Registered Approved User" is not a true role. Users who have a registration status set to "R" (the USER.REGISTERTYPE column column is set to "R") and whose status is approved (the MEMBER.STATE column is set to 1 ) implicitly belong to the RegisteredApprovedUsers access group.

  3. "Non-Rejected User" is not a true role. Users whose registration status is not-rejected (MEMBER.STATE column is not set to 2) implicitly belong to the NonRejectedUsers access group.

  4. "All Users" is not a true role. All users in the system implicitly belong to the AllUsers access group.

  5. These action groups and resource groups belong to policies that are part of the B2CPolicyGroup. This policy group likely applies only to organizations that follow the B2C business model.

  6. These action groups and resource groups belong to policies that are part of the ManagementAndAdministrationPolicyGroup. This policy group likely applies to all organizations.

Related concepts

Roles mapped to business models

Related tasks

Customizing default access control policies


Related Reference

Default access control policies

Default access control policy groups

Resource-level policies

Examples: Customizing access control policies using the Organization Administration Console