Authorization

WebSphere Commerce views access control or authorization as the process of verifying that users or applications have sufficient authority to access a resource.

Authorization or access control in WebSphere Commerce is accomplished using access control policies. An access control policy is a rule that describes which group of users can perform a set of actions on a set of resources. WebSphere Commerce provides a set of default access control policies. These default access control policies are specified in XML format and are designed to address many of the typical access control requirements that an e-commerce site requires.

The role of e-commerce has not only changed the way companies are doing business, but it has dramatically increased the kinds of relationships that they can expect to have with their customers and business partners. The web is a key factor in delivering improved value to your existing customers, and paving the way for new customers eager to benefit from the power and increased efficiency of the Internet. Along with the clear advantages of doing business on the web and the tremendous potential for increasing our customer base, comes the challenge of managing your business flows and trading patterns while maintaining a highly secure environment, authorizing appropriate transactions, and streamlining your work processes.

The hallmark of access control is the ability to oversee these work processes by managing the ways in which users participate in your system, based on their activities, and their business relationship to your products and services. For example, we might authorize graphic designers to customize the store pages, but we might restrict them from managing the actual content in your product catalog.

WebSphere Commerce provides you with the right tools for access management, by including more than 200 default access control policies that are automatically loaded into your system at the time of instance creation. These policies are designed to address many of the typical access control requirements that your business needs, and can even be customized to suit our own e-commerce solution.

Manage access to activities in your electronic marketplace is an integral part of protecting your company's financial assets and resources, for ensuring secure business transactions between approved members of the site, and validating the legitimacy of your online operations. Access control becomes especially crucial in the context of e-commerce, where the entry to your business is largely affected by customer relationships that begin over the web.


See


Related concepts
Access control policy
Access groups
WebSphere Commerce security model
Business models
Access control policy groups
Enforcing access control
Evaluating access control policies
Relationships between role-based and resource-level policies
Role-based and resource-level policies
Price override groups


Related tasks
Copying access control data to the production environment
Customizing default access control policies
Defining access control policy elements using XML
Implementing access control
Open the Administration Console


Related reference
Examples: Customize access control policies using the Organization Administration Console
Example: Examining an access control policy