Troubleshoot and support > Access control problems
Troubleshoot: Missing policy for new controller command
A controller command was added without an accompanying access control policy.
Problem: A controller command was added without an accompanying access control policy.
Indication: An application error is displayed. In the trace.log file the Execute action will match several policies, but no resource groups will match.
PolicyManagerImpl.isAllowed isAllowed? User=510; Action=Execute; Resource=com.ibm.commerce.scheduler.commands.ListRegistryCmdImpl; Owner=-2001; Resource Ancestor Orgs=-2001,-2001; Resource Applicable Orgs=-2001 PolicyManagerImpl.isAllowed Found PolicyName: BuyerAdministratorsExecuteBuyersAdministratorsCommands; PolicyType: 2; PolicyOwner: -2001 PolicyManagerImpl.getPolicyApplicableOrgs Policy Applicable Orgs=-2001 PolicyManagerImpl.evaluatePolicy Evaluating PolicyName: BuyerAdministratorsExecuteBuyersAdministratorsCommands PolicyManagerImpl.evaluatePolicy ResourceGroup does not match ... PolicyManagerImpl.isAllowed PASSED? =false
Solution:
- Create a policy for controller command. Refer to Add a new controller command using existing policies for an example.
- Load the policy using the acpload utility.
- Update the Registry.
Related reference
Sample: Access control policies for development purposes