Secure > Authorization > Customize default access control policies > Examples: Customizing access control policies using the Organization Administration Console


Example: Permitting only Buyers to create orders

By default, all users are permitted to create orders for products, regardless of their position in their organization. In some cases, you may want to limit the ability to create orders to a restricted group of users, such as the employees of the buying organization. Typically, these employees are assigned the Buyer (buy-side) role for the buying organization.

To limit order creation to users with the Buyer role, do the following:


Identify the resource-level policy

  1. Determine the resource-level policy to be changed. The policy is: AllUsersExecuteOrderCreateCommandsOnStoreResource.

  2. From the Organization Administration Console, click Access Management > Policies.

  3. For View, select Root Organization to display the policies that it owns.

  4. From the list of policies, select AllUsersExecuteOrderCreateCommandsOnStoreResource. Note the name of the policy's action group--OrderCreateCommands. This is the action group view to find the names of the commands for creating an order.


Change the access group

  1. Click Change to display the Change Policy page.

  2. For User Group, click Find and select Buyers (buy-side).

  3. Click OK.

  4. Update the policy's name, display name, and description to reflect the change of access group.

  5. Click OK.


Identify the command for creating orders

  1. Click Access Management > Action Groups.

  2. From the list of action groups, select OrderCreateCommands .

  3. Click Change to display the Change Action Group page. Note the names of the commands for creating orders:

    com.ibm.commerce.order.commands.OrderCopyCmd
    com.ibm.commerce.order.commands.OrderScheduleCmd
    com.ibm.commerce.orderitems.commands.OrderItemMoveCmd
    com.ibm.commerce.orderitems.commands.OrderItemUpdateCmd
    com.ibm.commerce.requisitionlist.commands.RequisitionListSubmitCmd
    com.ibm.commerce.orderitems.commands.OrderItemAddCmd
    com.ibm.commerce.orderquotation.commands.OrderQuotationCreateCmd
    

    You must add these commands to the resource group that contains the list of commands a buyer can execute.


Identify the role-based policy for buyers (buy-side)

  1. Determine the role-based policy for buyers (buy-side). The policy is: Buyers(buy-side)ExecuteBuyers(buy-side)CommandsResourceGroup.

  2. Click Access Management > Policies.

  3. For View, select Root Organization to display the site-level policies.

  4. Locate the policy in the list.

  5. Note the name of the resource group--Buyers(buy-side)CommandsResourceGroup. This is the resource group update.


Update the resource group in the role-based policy to include the commands for creating orders

  1. Click Access Management > Resource Groups.

  2. From the list of resource groups, select Buyers(buy-side)CommandsResourceGroup.

  3. Click Change to display the Change Resource Group page.

  4. Click Next to display the Details page.

  5. From the Available Resources list, select the following commands for creating orders:

    com.ibm.commerce.order.commands.OrderCopyCmd
    com.ibm.commerce.order.commands.OrderScheduleCmd
    com.ibm.commerce.orderitems.commands.OrderItemMoveCmd
    com.ibm.commerce.orderitems.commands.OrderItemUpdateCmd
    com.ibm.commerce.requisitionlist.commands.RequisitionListSubmitCmd
    com.ibm.commerce.orderitems.commands.OrderItemAddCmd
    com.ibm.commerce.orderquotation.commands.OrderQuotationCreateCmd
    

  6. Click Add.

  7. Click Finish.


Update the access control policy registry with the changes

  1. Open the Administration Console.

  2. Click Configuration > Registry.

  3. From the list of registries, select Access Control Policies.

  4. Click Update.


+

Search Tips   |   Advanced Search