Add a new view using a new policy
To add a new view that is accessible by a new role that does not have an existing role-based policy, create an XML file such as the following:
<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>
  <Action Name="MyNewView" CommandName="MyNewView">
  </Action>
  <ActionGroup Name="XYZViews" OwnerID="RootOrganization">
    <ActionGroupAction Name="MyNewView"/>
  </ActionGroup>
  <Policy Name="XYZExecuteXYZViews"
          OwnerID="RootOrganization"
          UserGroup="XYZ"
          ActionGroupName="XYZViews"
          ResourceGroupName="ViewCommandResourceGroup"
          PolicyType="groupableStandard">
  </Policy>
  <PolicyGroup Name="ManagementAndAdministrationPolicyGroup" OwnerID="RootOrganization">
    <PolicyGroupPolicy Name="XYZExecuteXYZViews" PolicyOwnerId="RootOrganization" />
  </PolicyGroup>
</Policies>
Procedure
- Create a new action definition in the XML file that has the view name MyNewView. This can be any name that you choose.
<Action Name="MyNewView" CommandName="MyNewView"> </Action>
- Create a new action group to be associated with the new role:
<ActionGroup Name="XYZViews" OwnerID="RootOrganization"> </ActionGroup>
Where XYZViews is the name of the action group. The OwnerID for action groups should always be RootOrganization.
- Associate the new action with the new action group:
<ActionGroup Name="XYZViews" OwnerID="RootOrganization">
  <ActionGroupAction Name="MyNewView"/>
</ActionGroup>
Where XYZViews is the action group, and MyNewView is the action you created.
- Create a policy that references the new action group:
<Policy Name="XYZExecuteXYZViews" OwnerID="RootOrganization" UserGroup="XYZ" ActionGroupName="XYZViews" ResourceGroupName="ViewCommandResourceGroup" PolicyType="groupableStandard"> </Policy>
Where XYZExecuteXYZViews is the policy name and XYZViews is the action group. In WebSphere Commerce 5.5, because of the policy subscription model, the OwnerID for groupable standard and groupable template policies is not used to determine to which resources a policy will apply. The OwnerID value is currently used only by the Administration Console when viewing policies by organization (owner). If a policy is to apply to multiple organizations, it is recommended that the OwnerID be set to the common ancestor organization such as Root Organization. If a policy is to apply only to a specific organization, it is recommended that the OwnerID be set to that organization's orgentity_id.
- Include the new policy in the appropriate policy group. By default, most role-based policies are put into ManagementAndAdministrationPolicyGroup, which should be applied to all organizations.
<PolicyGroup Name="ManagementAndAdministrationPolicyGroup" OwnerID="RootOrganization">
  <PolicyGroupPolicy Name="XYZExecuteXYZViews" PolicyOwnerId="RootOrganization"/>
</PolicyGroup>
Where the PolicyOwnerId value must be the same as the OwnerID value used in the policy definition.
- Load the XML changes into the database. For more information about loading the XML changes, see Load access control policy data.
- Update the Access Control Policies Registry in the Administration Console by doing the following:
  - Log on to the Administration Console as a Site Administrator.
  - Click Configuration > Registry.
  - From the list of registries, select Access Control Policies.
  - Click Update.
Results
You can now use the view.
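
A consistency check to run on the file from the procedure above before loading it, as an added example that is not part of the original page or of WebSphere Commerce. It reports dangling names, stray whitespace inside quoted names, and a PolicyOwnerId that differs from the policy's OwnerID; the function name `check_policy_file`, the sample's `SomeOtherOrg` value, and the assumption that every referenced action, action group and policy is defined in the same file are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's file with one deliberate mistake, a
# PolicyOwnerId ("SomeOtherOrg") that differs from the policy's OwnerID.
SAMPLE = b"""<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>
  <Action Name="MyNewView" CommandName="MyNewView"></Action>
  <ActionGroup Name="XYZViews" OwnerID="RootOrganization">
    <ActionGroupAction Name="MyNewView"/>
  </ActionGroup>
  <Policy Name="XYZExecuteXYZViews" OwnerID="RootOrganization" UserGroup="XYZ"
          ActionGroupName="XYZViews" ResourceGroupName="ViewCommandResourceGroup"
          PolicyType="groupableStandard"></Policy>
  <PolicyGroup Name="ManagementAndAdministrationPolicyGroup" OwnerID="RootOrganization">
    <PolicyGroupPolicy Name="XYZExecuteXYZViews" PolicyOwnerId="SomeOtherOrg"/>
  </PolicyGroup>
</Policies>"""


def check_policy_file(xml_bytes):
    """Return a list of problems found in an access control policy file."""
    root = ET.fromstring(xml_bytes)  # the external DTD is not fetched
    problems = []
    actions = {a.get("Name") for a in root.iter("Action")}
    groups = {g.get("Name") for g in root.iter("ActionGroup")}
    owners = {p.get("Name"): p.get("OwnerID") for p in root.iter("Policy")}
    # Whitespace inside the quotes makes " XYZViews" a different name.
    for el in root.iter():
        for key, value in el.attrib.items():
            if value != value.strip():
                problems.append(f"{el.tag} {key}={value!r}: stray whitespace")
    for ref in root.iter("ActionGroupAction"):
        if ref.get("Name") not in actions:
            problems.append(f"action {ref.get('Name')!r} is not defined")
    for pol in root.iter("Policy"):
        if pol.get("ActionGroupName") not in groups:
            problems.append(f"policy {pol.get('Name')!r}: unknown action group")
    for ref in root.iter("PolicyGroupPolicy"):
        name = ref.get("Name")
        if name not in owners:
            problems.append(f"policy {name!r} is not defined")
        elif ref.get("PolicyOwnerId") != owners[name]:
            problems.append(f"policy {name!r}: PolicyOwnerId differs from OwnerID")
    return problems


if __name__ == "__main__":
    for problem in check_policy_file(SAMPLE):
        print(problem)
```

A name that is defined only in the database, not in the file, is reported as undefined, so treat those findings as prompts to confirm the name rather than as errors.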