Troubleshoot and support > Access control problems


Troubleshoot: Missing policy for new controller command

A controller command was added without an accompanying access control policy.

Problem: A controller command was added without an accompanying access control policy.

Indication: An application error is displayed. In the trace.log file the Execute action will match several policies, but no resource groups will match.

PolicyManagerImpl.isAllowed isAllowed? User=510; Action=Execute; 
        Resource=com.ibm.commerce.scheduler.commands.ListRegistryCmdImpl; 
        Owner=-2001; Resource Ancestor Orgs=-2001,-2001; Resource Applicable Orgs=-2001 
PolicyManagerImpl.isAllowed Found 
        PolicyName: BuyerAdministratorsExecuteBuyersAdministratorsCommands; 
        PolicyType: 2; PolicyOwner: -2001
PolicyManagerImpl.getPolicyApplicableOrgs Policy Applicable Orgs=-2001
PolicyManagerImpl.evaluatePolicy Evaluating PolicyName: 
        BuyerAdministratorsExecuteBuyersAdministratorsCommands
PolicyManagerImpl.evaluatePolicy ResourceGroup does not match
...
PolicyManagerImpl.isAllowed PASSED? =false

Solution:

  1. Create a policy for controller command. Refer to Add a new controller command using existing policies for an example.

  2. Load the policy using the acpload utility.

  3. Update the Registry.

Related reference

Sample: Access control policies for development purposes

acpload utility


+

Search Tips   |   Advanced Search