Example: Limiting auction bidding to buyers
By default, all registered users are permitted to bid for products being auctioned at a store, regardless of their position in their organization. In some cases, you may want to limit bidding to a restricted group of users such as those assigned the buyer role in WebSphere Commerce.
In this example, we will change a resource-level policy, as well as its associated role-based policy.
To limit bidding to members of a buying organization with the buyer role, do the following:
- Determine the resource-level policy that specifies who can create an auction bid.
- Change the policy's access group from all registered users to users with the buyer role.
- Update the policy's name, description, and display name.
- Identify the command for creating bids.
- Determine the role-based policy for buyers (buy-side). This policy defines the commands that users with the Buyer (Buy-side) role can execute. You must update this policy's resource group to permit buyers to execute the command for creating bids.
- Update this role-based policy's resource group to include the command for creating bids.
Change the access group for the policy
- Click Change to display the Change Policy page.
- For User Group, click Find and select Buyers (Buy-side).
- Click OK.
- Update the policy's name, display name, and description by editing their text.
- Click OK.
Identify the command for creating bids
- Click Access Management > Action Groups.
- From the list of action groups, select BidCreate.
- Click Change to display the Change Action Group page. Note the name of the command for creating bids: com.ibm.commerce.negotiation.commands.BidSubmitCmd. You must add this command to the resource group that contains the list of commands a buyer can execute.
Identify the role-based policy and resource group for the Buyer (Buy-side) role
- Determine the role-based policy for buyers (buy-side). The policy is:
Buyers(buy-side)ExecuteBuyers(buy-side)CommandsResourceGroup.
- Click Access Management > Policies.
- For View, select Root Organization to display the site-level policies.
- Note the name of the resource group: Buyers(buy-side)CommandsResourceGroup. Now you have the name of the resource group to update.
Update the resource group in the role-based policy to include the command for creating bids
- Click Access Management > Resource Groups.
- Select Buyers(Buy-side)CommandsResourceGroup.
- Click Change to display the Change Resource Group page.
- Click Next to display the Details page.
- From the Available Resources list, select com.ibm.commerce.negotiation.commands.BidSubmitCmd. This is the command for creating bids.
- Click Add to add the command to the resource group.
- Click Finish.
Update the access control policy registry with the changes
- Open the Administration Console.
- Click Configuration > Registry.
- From the list of registries, select Access Control Policies.
- Click Update.