Access control policy groups

WebSphere Commerce supports various business models, and each business model has its own set of access control policies. In order to group the sets of policies within the models, policy groups were created. Policies are explicitly assigned to appropriate policy groups and then organizations can subscribe to one or more of these policy groups. For example, in the following diagram, Seller Organization subscribes to Seller Organization Policy Group, and Root Organization Policy Group.

Policies are assigned to policy groups. For example, in the preceding diagram, Policy 1 and Policy 2 are assigned to the Root Organization Policy group, Policy 3 is assigned to the Seller Organization Policy Group, and Policy 4 is assigned to the Division A Organizational Unit Policy Group.


Policy group subscription

Organizations can subscribe to policy groups. If Organization B does not subscribe to any policy groups, the access control framework will begin searching up the organization hierarchy until it encounters an organization that subscribes to at least one policy group. If Organization B's immediate parent organization, Organization A, subscribes to a policy group, the searching stops, and the policies are applied to Organization A and B. This can be seen in the following diagram.

If Organization A does not subscribe to a policy group, the search continues up the organization hierarchy, until an organization with a subscription is reached. This is seen in the following diagram where the Root Organization subscribes to a policy group. The policies in that group apply to Organization B and Organization A.

If Organization B subscribes to a policy group, the search stops at Organization B. So only the policies in the Organization B policy group will apply to Organization B.


Related concepts
Authorization


Related tasks
Subscribing to policy groups