

Example: Removing the ability of contract managers to add or delete attachments to contracts

By default, contract managers for a store can add or delete attachments to contracts they manage. In some cases, you might not want to grant this authority to contract managers.

In this example, we will change a resource-level policy that defines the actions that a contract manager can take.

To remove the authority of contract managers to add or delete attachments to contracts, do the following:


Identify the resource-level policy and action group

  1. Determine the resource-level policy to be changed. The policy is:

    ContractManagersForOrgExecuteContractManageCommandsOnContractResource

  2. From the Organization Administration Console, click Access Management > Policies.

  3. For View, select Root Organization to display the policies that it owns.

  4. Locate the policy in the list.

  5. Note the name of the policy's action group: ContractManage. This is the action group to change in order to remove the actions for adding and deleting attachments.


Remove the actions for adding and deleting attachments from the policy's action group

  1. Click Access Management > Action Group.

  2. From the list of action groups, select ContractManage.

  3. Click Change to display the Change Resource Group page.

  4. From the Selected Actions list, select the following actions:

    com.ibm.commerce.contract.commands.ContractAttachmentAddCmd
    com.ibm.commerce.contract.commands.ContractAttachmentDeleteCmd

  5. Click Remove.

  6. Click OK.


Update the access control policy registry with the changes

  1. Open the Administration Console.

  2. Click Configuration > Registry.

  3. From the list of registries, select Access Control Policies.

  4. Click Update.
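
One way to check the result after the registry update, as an added example that is not part of the original documentation: the script reads a policy export, reports whether either attachment command is still in the policy's action group, and lists other policies that reference the same action group, since editing the group changes what they grant as well. The XML layout, the sample data, and the names HypotheticalOtherPolicy and com.example.HypotheticalContractUpdateCmd are constructed assumptions.

```python
import xml.etree.ElementTree as ET

POLICY = "ContractManagersForOrgExecuteContractManageCommandsOnContractResource"
REMOVED = {
    "com.ibm.commerce.contract.commands.ContractAttachmentAddCmd",
    "com.ibm.commerce.contract.commands.ContractAttachmentDeleteCmd",
}

# Constructed sample export. Element and attribute names are assumptions made
# for this example; the second policy and the first action are hypothetical.
SAMPLE_XML = """
<Policies>
  <ActionGroup Name="ContractManage">
    <ActionGroupAction Name="com.example.HypotheticalContractUpdateCmd"/>
    <ActionGroupAction Name="com.ibm.commerce.contract.commands.ContractAttachmentAddCmd"/>
  </ActionGroup>
  <Policy Name="ContractManagersForOrgExecuteContractManageCommandsOnContractResource"
          ActionGroupName="ContractManage"/>
  <Policy Name="HypotheticalOtherPolicy" ActionGroupName="ContractManage"/>
</Policies>
"""


def audit(xml_text, policy_name=POLICY, removed=REMOVED):
    """Report what the policy's action group still grants and who shares it."""
    root = ET.fromstring(xml_text)
    # Map every policy to the action group it references.
    policies = {p.get("Name"): p.get("ActionGroupName") for p in root.iter("Policy")}
    if policy_name not in policies:
        raise LookupError(f"policy not found: {policy_name}")
    group = policies[policy_name]
    groups = [g for g in root.iter("ActionGroup") if g.get("Name") == group]
    if not groups:
        raise LookupError(f"action group not found: {group}")
    actions = {a.get("Name") for g in groups for a in g.iter("ActionGroupAction")}
    return {
        "action_group": group,
        # Commands that should be gone but are still in the group.
        "still_granted": sorted(actions & set(removed)),
        # Editing the group also changes these policies.
        "policies_sharing_group": sorted(
            n for n, g in policies.items() if g == group and n != policy_name
        ),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_XML))
```

An empty still_granted list means both attachment commands are gone from the action group; a non-empty policies_sharing_group list names the policies whose permissions changed along with this one.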

