Secure > Authorization > Customize default access control policies > Examples: Customizing access control policies using the Organization Administration Console


Example: Removing the ability of users to self-register

By default users are permitted to self-register if they belong to a registered organization. Membership administrators are also authorized to register users that belong to their organization. For sites that require strictly controlled access, it might be necessary to remove the ability to self-register and require that users be registered by membership administrators.

Note: In WebSphere Commerce Professional Edition, there are only three organizations, Root Organization, Default Organization and Seller Organization.

In this example, we will remove the resource-level policy that permits users to self-register but leave in place a policy that permits membership administrators to register users in their organization.

To delete the resource-level policy that allows users to self-register, do the following:


Delete the policy

  1. Determine the resource-level policy that allows users to self-register. The policy is: GuestsExecuteUserSelfRegistrationCommandsOnOrganizationResource.

  2. From the Organization Administration Console, click Access Management > Policies.

  3. For View, select Root Organization to display policies that it owns.

  4. From the list of policies, select GuestsExecuteUserSelfRegistrationCommandsOnOrganizationResource

  5. Click Delete.


Update the access control policy registry with the changes

  1. Open the Administration Console.

  2. Click Configuration > Registry.

  3. From the list of registries, select Access Control Policies.

  4. Click Update.

  5. Repeat steps 3 and 4 for the Access Control Policy Groups Registry.


+

Search Tips   |   Advanced Search