Troubleshoot and support > Access control problems


Troubleshoot: Policy group subscription

A policy that you expect to grant access appears in the trace, however it is not being applied.

Problem: A policy that you expect to grant access appears in the trace, however it is not being applied.

Indication: An error similar to the following example is logged to the trace.log file.

PolicyManagerImpl.isAllowed isAllowed? User=510; 
Action=Execute; 
Protectable=
com.ibm.commerce.catalog.commands.ProductDisplayCmdImpl; 
Owner=2002; Resource Ancestor Orgs=2002,-2001; Resource Applicable
Orgs=2002

PolicyManagerImpl.isAllowed Found PolicyName: 

AllUsersExecuteResellerUserCmdResourceGroup
; PolicyType: 3; PolicyOwner: -2001

PolicyManagerImpl.getPolicyApplicableOrgs 
No organizations subscribe to a policy group with this
policy

PolicyManagerImpl.isAllowed Policy does not apply to the resource's
applicable organizations
...

PolicyManagerImpl.isAllowed 
PASSED? =false 

Solution:

  1. Verify the resource owner is subscribing to the correct policy groups. For example, the file:

    WC_INSTALL\xml\policies\xml\defaultAccessControlPolicies.xml shows that the AllUsersExecuteResellerUserCmdResourceGroup belongs to the B2CPolicyGroup:

    <PolicyGroup Name="B2CPolicyGroup"
    OwnerID="RootOrganization">        
    <PolicyGroupPolicy
    Name="AllUsersExecuteResellerUserCmdResourceGroup" 
            PolicyOwnerID="RootOrganization" />        
    <PolicyGroupPolicy
    Name="AllUsersExecuteResellerUserViews" 
                    PolicyOwnerID="RootOrganization"/>
    </PolicyGroup>
    

  2. Query the ACPLGPSUBS database table to determine whether there is a correct association between the necessary access control policy groups and the organizational entities. For example, ensure that the current store's organization is associated with B2CPolicyGroup

    orgentity_id acpolgrp_id
    2002 10001(ManagementAndAdministrationPolicyGroup)
    2002 10003 (CommonShoppingPolicyGroup)

  3. Subscribe the organization to the policy group. (In this example, the organization should subscribe to the B2CPolicyGroup).


Related concepts

Access control policies and policy group structure

Access control policy groups

Related reference

Default access control policy groups


+

Search Tips   |   Advanced Search