Add a new controller command using existing policies

To add a new controller command to be accessed by a new role, that has an existing role-based policy, create an XML file.

For example:

<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?> 
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">

<Policies>

 <ResourceCategory
Name="com.xyz.commands.MyNewControllerCmdResourceCategory"
        ResourceBeanClass="com.xyz.commands.MyNewControllerCmd">
        
        <ResourceAction Name="ExecuteCommand"/>
 </ResourceCategory>  

 <ResourceGroup Name="SellersCmdResourceGroup" 
OwnerID="RootOrganization">
        <ResourceGroupResource
Name="com.xyz.commands.MyNewControllerCmdResourceCategory"/>
 </ResourceGroup>

</Policies>


  1. Create a new resource definition in the XML file that corresponds to the interface name of the controller command.
    <ResourceCategory  Name="
    com.xyz.commands.MyNewControllerCmdResourceCategory"
                            ResourceBeanClass="
    com.xyz.commands.MyNewControllerCmd">
                            
                    <ResourceAction Name="ExecuteCommand"/>
    </ResourceCategory>  
    
    
    

  2. Determine which roles should have access to the command and associate the new resource with the corresponding resource groups in the XML file, as in the following example:
    <ResourceGroup Name="SellersCmdResourceGroup" 
    OwnerID="RootOrganization">
                    <ResourceGroupResource Name="com.xyz.commands.
    MyNewControllerCmdResourceCategory"/>
    </ResourceGroup>
    
    
    

    You can change the resource group depending on which role you want to use. For more information about role-based policies see Role-based policies.

  3. Load your XML changes into the database. For more information about loading the XML changes, see Loading access control policy data.

  4. Update the Access Control Policies Registry in the Administration Console by doing the following:

    1. Logon to the Administration Console as a Site Administrator.

    2. Click Configuration > Registry.

    3. From the list of registries, select Access Control Policies.

    4. Click Update.


Since there is already a role-based policy that includes this resource group, you can now use your new controller command, if it is not doing any resource-level checking.

 

Related Concepts


Authorization
Understanding access control

 

Related tasks


Protecting resources
Protecting controller commands
Define access control policy elements using XML
Add a new controller command using a new policy
Modifying the resource-level access control of an existing policy
Modifying the command-level access control for a controller command

 

Related Reference


Access control files