Secure > Authorization > Customize default access control policies > Examples: Customizing access control policies using the Organization Administration Console
Example: Allowing only buyers to redeem coupons
By default, all users are permitted to redeem coupons. In some cases, you may want to limit coupon redemption to users with the Buyer (Buy-side) role in WebSphere Commerce.
This topic is deprecated and is provided for backward compatibility only.
In this example, we will change a resource-level policy, as well as its associated role-based policy. To limit coupon redemption to users with the Buyer (Buy-side) role, you need to do the following:
- Determine the resource-level policy that specifies who can redeem a coupon.
- Change the policy's access group from all users, to those with the Buyer (Buy-side) role.
- Identify the command for redeeming coupons.
- Determine the role-based policy for Buyer (buy-side). This policy defines the commands that users with the Buyer (buy-side) role can execute. You must update this policy's resource group to permit buyers to execute the command for redeeming coupons.
- Update this role-based policy's resource group to include the commands for redeeming coupons.
Identify the resource-level policy and its action group
- Identify the resource-level policy to be changed. The policy is:
AllUsersExecuteCouponRedemptionCommandsOnCouponWalletResource
- From the Organization Administration Console, click Access Management > Policies.
- For View, select Root Organization to display policies it owns.
- From the list of policies, select the following:
AllUsersExecuteCouponRedemptionCommandsOnCoupon WalletResource
- Note the name of the policy's action group-- CouponRedemption. This is the action group view to find the name of the commands for redeeming coupons.
Change the access group
- Click Change to display the Change Policy page.
- For User Group, click Find and select Buyers (buy-side).
- Click OK.
- Update the policy's name, display name, and description to reflect the change of access group.
- Click OK.
Identify the commands for redeeming coupons
- Click Access Management > Action Groups.
- From the list of action groups, select CouponRedemption.
- Click Change to display the Change Action Group page. Note the name of the commands for creating bids:
com.ibm.commerce.couponredemption.commands.CouponDSSCmd com.ibm.commerce.couponredemption.commands.UseCouponIdCmd
You must add these commands to the resource group that contains the list of commands a buyer can execute.
Identify the role-based policy for buyers (buy-side)
- Find the role-based policy for buyers (buy-side). The policy is:
Buyers(buy-side)ExecuteBuyers(buy-side)CommandsResourceGroup
- Click Access Management > Policies.
- For View, select Root Organization to display the policies it owns.
- Locate the policy in the list.
- Note the name of the resource group: Buyers(buy-side)CommandsResourceGroup. This is the name of the resource group update.
Update the resource group in the role-based policy to include the command for creating bids
- Click Access Management > Resource Groups.
- Select Buyers(buy-side)CommandsResourceGroup.
- Click Change to display the Change Resource Group page.
- Click Next to display the Details page.
- From the Available Resources list, select com.ibm.commerce.couponredemption.commands.CouponDSSCmd com.ibm.commerce.couponredemption.commands.UseCouponIdCmd. These are the commands for redeeming coupons.
- Click Add to add the commands to the resource group.
- Click Finish.
Update the access control policy registry with the changes
- Open the Administration Console.
- Click Configuration > Registry.
- From the list of registries, select Access Control Policies.
- Click Update.