Language-independent access control policy bootstrap file
defaultAccessControlPolicies.xml is a language-independent XML file that populates the access control database tables with information. You may want to access this file to find out specific information, such as attributes, actions, relationships, resource categories, action groups, resource groups, policy groups, policies, and policy group subscription.
The types of information and database tables populated by defaultAccessControlPolicies.xml include the following:
Database Table Type of Information Code Sample ACPOLGRP Stores all of the access control policy groups in the system. <PolicyGroup Name="CommonShoppingPolicyGroup" OwnerID="RootOrganization"> </PolicyGroup>ACPOLGPPOL
Includes policies into a policy group. <PolicyGroupPolicy Name="SiteAdministratorsCanDoEverything" PolicyOwnerId="RootOrganization" />ACPLGPSUBS
Allows organizational entities to subscribe to the specified policy group. <PolicyGroupSubscription OrganizationID="RootOrganization"/>ACRELGRP
Stores all of the relationship groups in the system. <RelationGroup Name="MemberOf->BuyerOrganizationalEntity" OwnerID="RootOrganization"> <RelationCondition><![CDATA[ <profile> <openCondition name="RELATIONSHIP_CHAIN"> <parameter name="HIERARCHY" value="child"/> <parameter name="RELATIONSHIP" value="BuyingOrganizationalEntity"/> </openCondition> </profile> ]]></RelationCondition> </RelationGroup>
ACACTACTGPStores the association between actions and action groups. <ActionGroupAction Name="AllCommands"/>
ACACTGRPStores the action groups. <ActionGroup Name="DoEverything" OwnerID="RootOrganization"/>
ACACTIONMaster list of all the actions in the system. <Action Name="AllCommands" CommandName="*"/>
ACATTRMaster list of the attributes that various resources can be grouped on. These attributes can be used to form implicit resource groups. <Attribute Name="Status" Type="String"> </Attribute>
ACPOLICYStores all the access control policies in the system <Policy Name="SiteAdministratorsCanDoEverything" OwnerID="RootOrganization" UserGroup="SiteAdministrators" ActionGroupName="DoEverything" ResourceGroupName="AllResourceGroup" PolicyType="groupableStandard"> </Policy>
ACRELATIONThis is a master list of all the relationships that exist in the system. <Relation Name="owner"/>
ACRESACTStores the actions that can be performed on a resource category. This is used only by the Tools, and not for policy evaluation. <ResourceAction Name="DisplayDatabean"/>
ACRESATRELStores the attributes of a resource category, upon which the resource category can be grouped. This is used only by the Organization Administration Console tool, and not for policy evaluation. <ResourceAttributes Name="Status" AttributeTableName="ORDERS" AttributeColumnName="STATUS" ResourceKeyColumnName="ORDERS_ID"/>
ACRESCGRYStores all the resource categories in the system and the metadata information about them. <ResourceCategory Name="com.ibm.commerce.catalog.commands. ProductDisplayCmdResourceCategory" ResourceBeanClass="com.ibm.commerce.catalog. commands.ProductDisplayCmd"> </ResourceCategory>
ACRESGPRESExplicitly includes resource categories into resource groups, based on the resource category classname. <ResourceGroupResource Name="Object" />
ACRESGRPThis is a master list of all the resource groups in the system <ResourceGroup Name="AllResourceGroup" OwnerID="RootOrganization"> </ResourceGroup>
ACRESPRIMStores the primary resource column names for a resource. <ResourcePrimaryColumns PrimaryResourceKeyColumn="users_id"/>
ACRESRELStores the relationships that are supported by a resource category. This is used only by the Organization Administration Console tool, and not for policy evaluation. <ResourceRelation Name="owner" RelationTable="users" RelationKeyColumn="users_id" RelationMemberColumn="users_id"/>IBM recommends that you do not modify any of the bootstrap files. If modified, an instance may not be created successfully and this could result in a major support issue. If changes are needed to the bootstrap access control policy information, after instance creation, it is best to copy the bootstrap file, modify it as needed, and then load the new access control policy definition file.
Related concepts