Add a new controller command using existing policies
To add a new controller command to be accessed by a new role, that has an existing role-based policy, create an XML file.
For example:
<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?> <!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd"> <Policies> <ResourceCategory Name="com.xyz.commands.MyNewControllerCmdResourceCategory" ResourceBeanClass="com.xyz.commands.MyNewControllerCmd"> <ResourceAction Name="ExecuteCommand"/> </ResourceCategory> <ResourceGroup Name="SellersCmdResourceGroup" OwnerID="RootOrganization"> <ResourceGroupResource Name="com.xyz.commands.MyNewControllerCmdResourceCategory"/> </ResourceGroup> </Policies>
- Create a new resource definition in the XML file that corresponds to the interface name of the controller command.
<ResourceCategory Name=" com.xyz.commands.MyNewControllerCmdResourceCategory" ResourceBeanClass=" com.xyz.commands.MyNewControllerCmd"> <ResourceAction Name="ExecuteCommand"/> </ResourceCategory>- Determine which roles should have access to the command and associate the new resource with the corresponding resource groups in the XML file, as in the following example:
<ResourceGroup Name="SellersCmdResourceGroup" OwnerID="RootOrganization"> <ResourceGroupResource Name="com.xyz.commands. MyNewControllerCmdResourceCategory"/> </ResourceGroup>You can change the resource group depending on which role you want to use. For more information about role-based policies see Role-based policies.
- Load your XML changes into the database. For more information about loading the XML changes, see Loading access control policy data.
- Update the Access Control Policies Registry in the Administration Console by doing the following:
- Logon to the Administration Console as a Site Administrator.
- Click Configuration > Registry.
- From the list of registries, select Access Control Policies.
- Click Update.
Since there is already a role-based policy that includes this resource group, you can now use your new controller command, if it is not doing any resource-level checking.
Related Concepts
Authorization
Understanding access control
Related tasks
Protecting resources
Protecting controller commands
Define access control policy elements using XML
Add a new controller command using a new policy
Modifying the resource-level access control of an existing policy
Modifying the command-level access control for a controller command
Related Reference
Access control files