Role-based policies

Secure > Authorization > Default access control policies

Role-based policies

The following are the role-based policies for each default role in WebSphere Commerce:

AccountRepresentativesExecuteAccountRepresentativesViews

AccountRepresentativesExecuteAccountRepresentativesCmdResourceGroup

AllUsersExecuteAllSiteUserCmdResourceGroup

AllUsersExecuteAllSiteUsersViews

AllUsersExecuteResellerUserCmdResourceGroup

AllUsersExecuteResellerUserViews

BecomeUserCustomerServiceGroupExecutesBecomeUserCmdsResourceGroup

BuyerAdministratorsExecuteBuyerAdministratorsViews

BuyerAdministratorsExecuteBuyersAdministratorsCommands

BuyerApproversExecuteBuyerApproversCmdResourceGroup

BuyerApproversExecuteBuyerApproversViews

Buyers(buy-side)ExecuteBuyers(buy-side)CommandsResourceGroup

Buyers(buy-side)ExecuteBuyers(buy-side)Views

Buyers(sell-side)ExecuteBuyers(sell-side)CommandsResourceGroup

Buyers(sell-side)ExecuteBuyers(sell-side)Views

CategoryManagersExecuteCategoryManagersCmdResourceGroup

CategoryManagersExecuteCategoryManagersViews

ChannelManagersExecuteChannelManagersCommands

ChannelManagersExecuteChannelManagersViews

CustomerServiceRepresentativesExecuteCustomerServiceRepresentativeViews

CustomerServiceRepresentativesExecuteCustomerServiceRepCmdResourceGroup

CustomerServiceSupervisorsExecuteCustomerServiceSupervisorViews

CustomerServiceSupervisorsExecuteCustomerServiceSupervisorCmdResourceGroup

CustomersExecuteCustomersViews

LogisticsManagersExecuteLogisticsManagersCmdResourceGroup

LogisticsManagersExecuteLogisticsManagersViews

MarketingManagersExecuteMarketingManagerCmdResourceGroup

MarketingManagersExecuteMarketingManagersViews

OperationsManagersExecuteOperationsManagersCmdResourceGroup

OperationsManagersExecuteOperationsManagersViews

PickPackersExecutePickPackersCmdResourceGroup

PickPackersExecutePickPackersViews

ProcurementBuyersExecuteProcurementBuyersCmdResourceGroup

ProductManagersExecuteProductManagersCmdResourceGroup

ProductManagersExecuteProductManagersViews

ReceiversExecuteReceiversCmdResourceGroup

ReceiversExecuteReceiversViews

RegisteredApprovedUsersExecuteRegisteredApprovedUsersCommandsResourceGroup

RegisteredApprovedUsersExecuteRegisteredApprovedUsersViews

RegisteredCustomersForOrgExecuteRegisteredUserCmdResourceGroup

RegisteredCustomersForOrgExecuteRegisteredUserViews

ReturnsAdministratorsExecuteReturnsAdministratorsCmdResourceGroup

ReturnsAdministratorsExecuteReturnsAdministratorsViews

SalesManagersExecuteSalesManagersCmdResourceGroup

SalesManagersExecuteSalesManagersViews

SellerAdministratorsExecuteSellerAdministratorsCommands

SellerAdministratorsExecuteSellerAdministratorsViews

SellersExecuteSellersCmdResourceGroup

SellersExecuteSellersViews

SiteAdministratorsCanDoEverything

WorkspaceManagersExecuteWorkspaceManagersViews

WorkspaceManagersExecuteWorkspaceManagersCmdResourceGroup

AttachmentManagersExecuteAttachmentManagersCmdResourceGroup

WorkspaceTaskgroupApproversExecuteWorkspaceTaskgroupApproversViews

WorkspaceTaskgroupApproversExecuteWorkspaceTaskgroupApproversCmdResourceGroup

WorkspaceContentContributorsExecuteWorkspaceContentContributorsViews

WorkspaceContentContributorsExecuteWorkspaceContentContributorsCmdResourceGroup

The following table displays the role-based policies by role, access group, resource group, and view.
Notes:

Most items in the table except for the Role column have been split across each cell for display purposes as they are lengthy.

Not all of the roles shown in the following table are defined roles in WebSphere Commerce. See the notes following the table for details.

The SiteAdministratorsCanDoEverything policy is a special default policy that grants super-user access to administrators with the Site Administrator role. In this policy, a Site Administrator can perform any action on any resource, even if those actions or resources have not been defined. It is important to be aware of this when assigning this role to users.

Table 1. Role-based policies by role, access group, resource group, and view
Role Access Group used in role-based policies Resource Group used in role-based policies for Controller commands Action Group used in role-based policies for Views
Account Representative Account Representatives AccountRepresentativesCmd ResourceGroup AccountRepresentatives Views
All Users4 AllUsers ResellerUserCmd ResourceGroup5 ResellerUserViews5
AllSiteUserCmd ResourceGroup6 AllSiteUsersViews6
Buyer (buy-side) Buyers(buy-side) Buyers(buy-side) CommandsResourceGroup Buyers(buy-side)Views
Buyer (sell-side) Buyers(sell-side) Buyers(sell-side) CommandsResourceGroup Buyers (sell-side)Views
Buyer Administrator BuyerAdministrators BuyerAdministrators CommandsResource Group BuyerAdministrators Views
Buyer Approver BuyerApprovers BuyerApproversCmd ResourceGroup BuyerApproversViews
Category Manager CategoryManagers CategoryManagers CmdResourceGroup CategoryManagersViews
Channel Manager ChannelManagers ChannelManagersCmd ResourceGroup ChannelManagersViews
Customer Service Representative CustomerService Representatives CustomerService RepCmdResourceGroup CustomerService Representative Views
Customer Service Supervisor CustomerService Supervisors CustomerService Supervisor CmdResourceGroup CustomerService SupervisorViews
Guest1 Guests GuestUsersCmd ResourceGroup GuestUsersViews
Logistics Manager LogisticsManagers LogisticsManagersCmd ResourceGroup LogisticsManagersViews
Marketing Manager MarketingManagers MarketingManager CmdResourceGroup MarketingManagersViews
Non-Rejected User3 NonRejectedUsers NonRejectedUserCommands ResourceGroup NonRejectedUsersViews
Operations Manager OperationsManagers OperationsManagersCmd ResourceGroup OperationsManagersViews
Pick Packer PickPackers PickPackersCmd ResourceGroup PickPackersViews
Procurement Buyer ProcurementBuyers ProcurementBuyersCmd ResourceGroup n/a
Product Manager ProductManagers ProductManagers CmdResourceGroup ProductManagersViews
Receiver Receivers ReceiversCmdResourceGroup ReceiversViews
Registered Approved User2 RegisteredApproved Users RegisteredApprovedUsers CommandsResourceGroup RegisteredApproved UsersViews
Registered Customer (with OrgandAncestorOrgs role qualifier) Registered CustomersForOrg RegisteredUserCmd ResourceGroup RegisteredUserViews
Returns Administrator ReturnsAdministrators ReturnsAdministratorsCmd ResourceGroup ReturnsAdministrators Views
Sales Manager SalesManagers SalesManagersCmd ResourceGroup SalesManagersViews
Seller Administrator Seller Administrators SellerAdministrators CommandsResourceGroup SellerAdministrators Views
Seller Sellers SellersCmdResourceGroup SellersViews
Site Administrator SiteAdministrators n/a n/a
Workspace Manager WorkspaceManagers WorkspaceManagersCmdResourceGroup WorkspaceManagersViews
Attachment Manager AttachmentManagers AttachmentManagersCmdResourceGroup n/a
Workspace Taskgroup Approver WorkspaceTaskgroupApprovers WorkspaceTaskgroupApproversViews WorkspaceTaskgroupApproversCmdResourceGroup
Workspace Content Contributors WorkspaceContentContributors WorkspaceContentContributorsViews WorkspaceContentContributorsCmdResourceGroup
Notes:

"Guest" is not a true role. Users who have a registration status set to "G" (the USER.REGISTERTYPE column is set to "G") implicitly belong to the Guests access group.

"Registered Approved User" is not a true role. Users who have a registration status set to "R" ( the USER.REGISTERTYPE column column is set to "R") and whose status is approved (the MEMBER.STATE column is set to 1 ) implicitly belong to the RegisteredApprovedUsers access group.

"Non-Rejected User" is not a true role. Users whose registration status is not-rejected (MEMBER.STATE column is not set to 2) implicitly belong to the NonRejectedUsers access group.

"All Users" is not a true role. All users in the system implicitly belong to the AllUsers access group.

These action groups and resource groups belong to policies that are part of the B2CPolicyGroup. This policy group likely applies only to organizations that follow the B2C business model.

These action groups and resource groups belong to policies that are part of the ManagementAndAdministrationPolicyGroup. This policy group likely applies to all organizations.

+
Search Tips | Advanced Search

Role	Access Group used in role-based policies	Resource Group used in role-based policies for Controller commands	Action Group used in role-based policies for Views
Account Representative	Account Representatives	AccountRepresentativesCmd ResourceGroup	AccountRepresentatives Views
All Users4	AllUsers	ResellerUserCmd ResourceGroup5	ResellerUserViews5
AllSiteUserCmd ResourceGroup6	AllSiteUsersViews6
Buyer (buy-side)	Buyers(buy-side)	Buyers(buy-side) CommandsResourceGroup	Buyers(buy-side)Views
Buyer (sell-side)	Buyers(sell-side)	Buyers(sell-side) CommandsResourceGroup	Buyers (sell-side)Views
Buyer Administrator	BuyerAdministrators	BuyerAdministrators CommandsResource Group	BuyerAdministrators Views
Buyer Approver	BuyerApprovers	BuyerApproversCmd ResourceGroup	BuyerApproversViews
Category Manager	CategoryManagers	CategoryManagers CmdResourceGroup	CategoryManagersViews
Channel Manager	ChannelManagers	ChannelManagersCmd ResourceGroup	ChannelManagersViews
Customer Service Representative	CustomerService Representatives	CustomerService RepCmdResourceGroup	CustomerService Representative Views
Customer Service Supervisor	CustomerService Supervisors	CustomerService Supervisor CmdResourceGroup	CustomerService SupervisorViews
Guest1	Guests	GuestUsersCmd ResourceGroup	GuestUsersViews
Logistics Manager	LogisticsManagers	LogisticsManagersCmd ResourceGroup	LogisticsManagersViews
Marketing Manager	MarketingManagers	MarketingManager CmdResourceGroup	MarketingManagersViews
Non-Rejected User3	NonRejectedUsers	NonRejectedUserCommands ResourceGroup	NonRejectedUsersViews
Operations Manager	OperationsManagers	OperationsManagersCmd ResourceGroup	OperationsManagersViews
Pick Packer	PickPackers	PickPackersCmd ResourceGroup	PickPackersViews
Procurement Buyer	ProcurementBuyers	ProcurementBuyersCmd ResourceGroup	n/a
Product Manager	ProductManagers	ProductManagers CmdResourceGroup	ProductManagersViews
Receiver	Receivers	ReceiversCmdResourceGroup	ReceiversViews
Registered Approved User2	RegisteredApproved Users	RegisteredApprovedUsers CommandsResourceGroup	RegisteredApproved UsersViews
Registered Customer (with OrgandAncestorOrgs role qualifier)	Registered CustomersForOrg	RegisteredUserCmd ResourceGroup	RegisteredUserViews
Returns Administrator	ReturnsAdministrators	ReturnsAdministratorsCmd ResourceGroup	ReturnsAdministrators Views
Sales Manager	SalesManagers	SalesManagersCmd ResourceGroup	SalesManagersViews
Seller Administrator	Seller Administrators	SellerAdministrators CommandsResourceGroup	SellerAdministrators Views
Seller	Sellers	SellersCmdResourceGroup	SellersViews
Site Administrator	SiteAdministrators	n/a	n/a
Workspace Manager	WorkspaceManagers	WorkspaceManagersCmdResourceGroup	WorkspaceManagersViews
Attachment Manager	AttachmentManagers	AttachmentManagersCmdResourceGroup	n/a
Workspace Taskgroup Approver	WorkspaceTaskgroupApprovers	WorkspaceTaskgroupApproversViews	WorkspaceTaskgroupApproversCmdResourceGroup
Workspace Content Contributors	WorkspaceContentContributors	WorkspaceContentContributorsViews	WorkspaceContentContributorsCmdResourceGroup
Notes: "Guest" is not a true role. Users who have a registration status set to "G" (the USER.REGISTERTYPE column is set to "G") implicitly belong to the Guests access group. "Registered Approved User" is not a true role. Users who have a registration status set to "R" ( the USER.REGISTERTYPE column column is set to "R") and whose status is approved (the MEMBER.STATE column is set to 1 ) implicitly belong to the RegisteredApprovedUsers access group. "Non-Rejected User" is not a true role. Users whose registration status is not-rejected (MEMBER.STATE column is not set to 2) implicitly belong to the NonRejectedUsers access group. "All Users" is not a true role. All users in the system implicitly belong to the AllUsers access group. These action groups and resource groups belong to policies that are part of the B2CPolicyGroup. This policy group likely applies only to organizations that follow the B2C business model. These action groups and resource groups belong to policies that are part of the ManagementAndAdministrationPolicyGroup. This policy group likely applies to all organizations.