Add a new view using a new policy
To add a new view that is accessible by a new role that does not have an existing role-based policy, create an XML file.
<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?> <!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd"> <Policies> <Action Name="MyNewView" CommandName="MyNewView"> </Action> <ActionGroup Name="XYZViews" OwnerID="RootOrganization"> <ActionGroupAction Name="MyNewView"/> </ActionGroup> <Policy Name="XYZExecuteXYZViews" OwnerID="RootOrganization" UserGroup="XYZ" ActionGroupName="XYZViews" ResourceGroupName="ViewCommandResourceGroup" PolicyType="groupableStandard"> </Policy> <PolicyGroup Name="ManagementAndAdministrationPolicyGroup" OwnerID="RootOrganization"> <PolicyGroupPolicy Name="XYZExecuteXYZViews" PolicyOwnerId="RootOrganization" /> </PolicyGroup> </Policies>
- Create a new action definition in the XML file that has the view name MyNewView. This can be any name that you choose.
<Action Name=" MyNewView CommandName=" MyNewView"> </Action>- Create a new action group to be associated with the new role:
<ActionGroupName=" XYZViews" OwnerID="RootOrganization"> </ActionGroup>Where XYZViews is the name of your action group. The OwnerID for action groups should always be RootOrganization.
- Associate the new action with the new action group:
<ActionGroupName=" XYZViews" OwnerID="RootOrganization"> <ActionGroupAction Name=" MyNewView"/></ActionGroup>Where XYZViews is your action group, and MyNewView is the action you created.
- Create a policy that references the new action group:
<Policy Name=" XYZExecuteXYZViews" OwnerID="RootOrganization" UserGroup="XYZ" ActionGroupName=" XYZViews" ResourceGroupName="ViewCommandResourceGroup" PolicyType="groupableStandard"> </Policy>Where XYZExecuteXYZViews is your policy name and XYZViews is your action group. In WebSphere Commerce 5.5, because of the policy subscription model, the OwnerID for groupable standard and groupable template policies is not used to determine to which resources a policy will apply. The OwnerID value is currently used only by the Administration Console when viewing policies by organization (owner). If a policy is to apply to multiple organizations, IBM recommends that the OwnerID be set to the common ancestor organization such as Root Organization. If a policy is to apply only to a specific organization, IBM recommends that the OwnerID be set to that organization's orgentity_id.
- Include the new policy in the appropriate policy group. By default, most role-based policies are put into ManagementAndAdministrationPolicyGroup, which should be applied to all organizations.
<PolicyGroupName="ManagementAndAdministrationPolicyGroup" OwnerID="RootOrganization"> <PolicyGroupPolicy Name="XYZExecuteXYZViews" PolicyOwnerId="RootOrganization"/> </PolicyGroup>Where the PolicyOwnerId value must be the same as the OwnerID value used in the policy definition.
- Load your XML changes into the database. For more information about loading the XML changes, see Loading access control policy data.
- Update the Access Control Policies Registry in the Administration Console by doing the following:
- Logon to the Administration Console as a Site Administrator.
- Click Configuration > Registry.
- From the list of registries, select Access Control Policies.
- Click Update.
You can now use your view.
Related Concepts
Authorization
Related tasks
Define access control policy elements using XML
Add a new view using existing policies
Loading access control policy data
Related Reference
Access control files