Add a new controller command using a new policy

To add a new controller command to be accessed by a new role, that does not have an existing role-based policy, create an XML file.

For example:

<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?> 
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">

<Policies>

<ResourceCategory 
Name="com.xyz.commands.MyNewControllerCmdResourceCategory"
               
ResourceBeanClass="com.xyz.commands.MyNewControllerCmd">

        <ResourceAction Name="ExecuteCommand"/>
</ResourceCategory>  

<ResourceGroup Name="XYZCmdResourceGroup"
OwnerID="RootOrganization">
        <ResourceGroupResource
Name="com.xyz.commands.MyNewControllerCmdResourceCategory"/>
</ResourceGroup>
        
<Policy Name="XYZExecuteXYZsCmdResourceGroup"
              OwnerID="RootOrganization"
              UserGroup="XYZ"
              ActionGroupName="ExecuteCommandActionGroup"
              ResourceGroupName="XYZCmdResourceGroup"
              PolicyType="groupableStandard">
 </Policy>
        
<PolicyGroup Name="ManagementAndAdministrationPolicyGroup"
OwnerID="RootOrganization">
        <PolicyGroupPolicy Name="XYZExecuteXYZsCmdResourceGroup"
PolicyOwnerId="RootOrganization"/>
</PolicyGroup>       

</Policies>

1. Create a new resource definition in the XML file that corresponds with the interface name of the controller command. See Adding a new controller command using existing policies step one, for an example.

2. Create a new resource group to be associated with the new role:

   <ResourceGroup Name="
   XYZCmdResourceGroup" OwnerID="RootOrganization">
   </ResourceGroup>
   
   
   

3. Associate the new resource with the new resource group:

   <ResourceGroup Name="
   XYZCmdResourceGroup" OwnerID="RootOrganization">
           <ResourceGroupResource Name="com.
   xyz.commands.
   MyNewControllerResourceCategory"/>
   </ResourceGroup>
   
   
   

4. Create a policy that references your new resource group:

   <Policy Name="
   XYZExecute
   XYZsCmdResourceGroup"
           OwnerID="RootOrganization"
           UserGroup="
   XYZ"
           ActionGroupName="ExecuteCommandActionGroup"
           ResourceGroupName="
   XYZCmdResourceGroup"
           PolicyType="groupableStandard">
   </Policy>
   
   
   

5. Load your XML changes into the database. For more information about loading the XML changes, see Loading your changes into the database.

6. Update the Access Control Policies Registry in the Administration Console by doing the following:

   1. Logon to the Administration Console as a Site Administrator.

   2. Click Configuration > Registry.

   3. From the list of registries, select Access Control Policies.

   4. Click Update.

You can now use your controller command if it is not doing any resource-level checking.

 

Related Concepts

Authorization
Understanding access control

 

Related tasks

Protecting resources
Protecting controller commands
Define access control policy elements using XML
Add a new controller command using existing policies
Modifying the resource-level access control of an existing policy
Modifying the command-level access control for a controller command

 

Related Reference

Access control files