Troubleshoot and support > Access control problems


Troubleshoot: Missing resource-level policy for a command

A controller command, that does resource level access control checking, was extended without adding the resource-level access control policy for the new command

Problem: A controller command, that does resource level access control checking, was extended without adding the resource-level access control policy for the new command

Indication: An application error is displayed. In the trace.log file indicates failure on the resource-level policy check as shown in the following example:

PolicyManagerImpl.isAllowed isAllowed? User=510; 
Action=com.xyz.MyOrderItemAddCmd; 
Resource=com.ibm.commerce.order.objects._Order_Stub;; 
Owner=2002; Resource Ancestor Orgs=2002,-2001; Resource Applicable Orgs=2002
...
PolicyManagerImpl.isAllowed PASSED? =false

Solution:

  1. Load a new action and associate it with the action groups of the underlying WebSphere Commerce command. Refer to Access control implications when a controller command is extended.


Related tasks

Modify access control on existing WebSphere Commerce resources

Related reference

Sample: Access control policies for development purposes

acpload utility


+

Search Tips   |   Advanced Search