Enforcing access control

Policy Manager is the access control component that determines whether the current user is allowed to execute the specified action on the specified resource. Access control policies are specified in XML format. During instance creation, the default policies and policy groups are loaded into the appropriate database tables. When WebSphere Commerce Application Server is started up, the access control information is cached in memory so the Policy Manager can quickly check a user's authorization when called to do so. If access control information is changed in the database through the Administration Console, or by loading XML policy data, the access control cache needs to be updated. We can update the cache by updating the appropriate registry in the Administration Console. If policy data is changed, then update the Access Control Policies registry. If policy group data is changed, update the Access Control Policy Groups registry. Restarting WebSphere Commerce also updates the cache.

When a user attempts to acts on a protected resource, an access control check occurs to make sure that the user is authorized. The Policy Manager looks for all the access control policies that apply to the organization that owns the resource. Then, it checks those policies to evaluate if the user is authorized to act on the target resource. If there is at least one such policy, the Policy Manager grants access, otherwise, access is denied.


Levels of access control

There are two broad levels of access control in WebSphere Commerce: command level (also know as role-based) and resource level (also known as instance-level).


Command-level or role-based access control

Command-level or role-based access control is coarse access control. It determines who can do what in the current store. With role-based access control, we can specify that all users of a particular role can execute certain commands within the current store. If no store is selected, then role checking is not scoped to any particular store or organization. Consider the access control policy, Sellers can execute sellers commands. In this policy, one of the sellers commands is the CatalogUpdate command. In the preceding figure, Jack and Tom both are sellers, so both of them can run the UpdateCatalog command. However, they can only run this command if the current store belongs to an organization where they play the seller role.

Role-based access control is used for controller commands and views. This type of access control considers only the current store, not any of the other low level resources. It determines only whether the user is allowed to execute a particular controller command or view. This level of access control is mandatory and is enforced by the run time.


Instance-level or resource-level access control

Instance-level or resource-level access control policies provide granular access control, determining who can do what command on which resources in the current store. Sellers can modify objects that are owned by the organization for which they play their role. For example, If user A has the seller role for Seller Organization 1 and user B has the seller role for Seller Organization 2. User A creates a furniture category at the furniture store. User B creates a shirt category at the shirt store. User A can modify the furniture category, but not the shirt category. User B can modify the shirt category, but not the furniture category.

To summarize, first the system does a command-level access check. If the user is allowed to execute a command, a subsequent resource-level access control policy is done to determine if the user can access the resource in question.

Resource level access control applies to commands and data beans.


Related concepts
Authorization


Related tasks
Customizing default access control policies
Defining access control policy elements using XML
Implementing access control


Related reference
Examples: Customize access control policies using the Organization Administration Console