IBM



9.4.1 Create a new role-based access control policy

To create a role-based policy for a new role, you can use the Organizational Administration Console for some subtasks; however, you have to load some of the changes manually by using access control policy XML files:

1. Use the Organizational Administration Console to create an access group for the new role. See 9.3.4, Access Management: Access Groups.

2. Use the Organizational Administration Console to create a resource group and assign commands that this role can execute. See 9.3.6, Access Management: Resource Groups.

3. Use the Organizational Administration Console to create an access control policy with the following parameters (see 9.3.5, Access Management: Policies):

a. Specify the new access group created in step 1 as the User Group.

b. Specify ExecuteCommandActionGroup as the Action Group.

c. Specify the new resource group created in step 2 as the Resource Group.

4. Manually create an access control XML file for the policy and associate the new policy with a policy group, as described in "Associate policies with policy groups".

5. Manually update the XML file created in step 4 to modify the resource-level access control for the policy. See "Modifying the resource-level access control of an existing policy" in the WebSphere Commerce Information Center:

http://www.ibm.com/software/webservers/appserv/infocenter.html

6. After completing the changes to the policy, load the policy into the database as described in "Loading access control policy definitions and other policy-related elements" in the WebSphere Commerce Information Center.

Note: The WebSphere Commerce Organization Administration Console enables you to make simple changes to access control policies and their parts. To make more sophisticated changes, you have to edit the XML files directly and load them into the database.
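Because steps 4 to 6 are manual, it helps to check the policy file before loading it. The following is an added example, not code from the Redbook or from WebSphere Commerce: a small linter that confirms each policy names a user group, uses ExecuteCommandActionGroup, names a resource group, and is associated with a policy group. The element and attribute names, the policy names, and the sample file are assumptions constructed for illustration; verify them against the DTD shipped with your installation.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are assumptions for
# illustration and must be checked against the product's policy DTD.
SAMPLE = """<Policies>
  <Policy Name="AuditorsExecuteAuditorCommands"
          UserGroup="Auditors"
          ActionGroupName="ExecuteCommandActionGroup"
          ResourceGroupName="AuditorCommandsResourceGroup"/>
  <Policy Name="AuditorsDraftPolicy"
          UserGroup="Auditors"
          ActionGroupName="AllActions"
          ResourceGroupName=""/>
  <PolicyGroup Name="ExamplePolicyGroup">
    <PolicyGroupPolicy Name="AuditorsExecuteAuditorCommands"/>
  </PolicyGroup>
</Policies>"""

# Step 3 of the procedure: user group, action group, resource group.
REQUIRED = ("UserGroup", "ActionGroupName", "ResourceGroupName")

def lint_policies(xml_text):
    """Return {policy name: [problems]} for every policy that fails a check."""
    root = ET.fromstring(xml_text)
    # Step 4: names of policies that some policy group references.
    grouped = {p.get("Name") for p in root.iter("PolicyGroupPolicy")}
    findings = {}
    for policy in root.iter("Policy"):
        name = policy.get("Name", "<unnamed>")
        problems = []
        for attr in REQUIRED:
            if not (policy.get(attr) or "").strip():
                problems.append(f"missing {attr}")
        action = policy.get("ActionGroupName")
        if action and action != "ExecuteCommandActionGroup":
            problems.append(f"unexpected action group {action}")
        if name not in grouped:
            problems.append("not associated with a policy group")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    for name, problems in lint_policies(SAMPLE).items():
        print(f"{name}: {'; '.join(problems)}")
```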



Redbooks
ibm.com/redbooks

