Example: Permit only Buyers to create orders

By default, all users are permitted to create orders for products, regardless of their position in their organization. In some cases, you may want to limit the ability to create orders to a restricted group of users, such as the employees of the buying organization. Typically, these employees are assigned the Buyer (buy-side) role for the buying organization.

To limit order creation to users with the Buyer role, you need to do the following:


Identify the resource-level policy

  1. Determine the resource-level policy to be changed. The policy is: AllUsersExecuteOrderCreateCommandsOnStoreResource.

  2. From the Organization Administration Console, click Access Management > Policies.

  3. For View, select Root Organization to display the policies that it owns.

  4. From the list of policies, select AllUsersExecuteOrderCreateCommandsOnStoreResource. Note the name of the policy's action group--OrderCreateCommands. This is the action group you need to view to find the names of the commands for creating an order.


Change the access group

  1. Click Change to display the Change Policy page.

  2. For User Group, click Find and select Buyers (buy-side).

  3. Click OK.

  4. Update the policy's name, display name, and description to reflect the change of access group.

  5. Click OK.


Identify the command for creating orders

  1. Click Access Management > Action Groups.

  2. From the list of action groups, select OrderCreateCommands .

  3. Click Change to display the Change Action Group page. Note the names of the commands for creating orders: 

      com.ibm.commerce.order.commands.OrderCopyCmd
com.ibm.commerce.order.commands.OrderScheduleCmd
com.ibm.commerce.orderitems.commands.OrderItemMoveCmd
com.ibm.commerce.orderitems.commands.OrderItemUpdateCmd
com.ibm.commerce.requisitionlist.commands.RequisitionListSubmitCmd
com.ibm.commerce.orderitems.commands.OrderItemAddCmd
com.ibm.commerce.orderquotation.commands.OrderQuotationCreateCmd

    We must add these commands to the resource group containing the list of commands a buyer can execute.


Identify the role-based policy for buyers (buy-side)

  1. Determine the role-based policy for buyers (buy-side). The policy is: Buyers(buy-side)ExecuteBuyers(buy-side)CommandsResourceGroup.

  2. Click Access Management > Policies.

  3. For View, select Root Organization to display the site-level policies.

  4. Locate the policy in the list.

  5. Note the name of the resource group--Buyers(buy-side)CommandsResourceGroup. This is the resource group you need to update.


Update the resource group in the role-based policy to include the commands for creating orders

  1. Click Access Management > Resource Groups.

  2. From the list of resource groups, select Buyers(buy-side)CommandsResourceGroup.

  3. Click Change to display the Change Resource Group page.

  4. Click Next to display the Details page.

  5. From the Available Resources list, select the following commands for creating orders: 

      com.ibm.commerce.order.commands.OrderCopyCmd
com.ibm.commerce.order.commands.OrderScheduleCmd
com.ibm.commerce.orderitems.commands.OrderItemMoveCmd
com.ibm.commerce.orderitems.commands.OrderItemUpdateCmd
com.ibm.commerce.requisitionlist.commands.RequisitionListSubmitCmd
com.ibm.commerce.orderitems.commands.OrderItemAddCmd
com.ibm.commerce.orderquotation.commands.OrderQuotationCreateCmd

  6. Click Add.

  7. Click Finish.


Update the access control policy registry with our changes

  1. Open the Administration Console.

  2. Click Configuration > Registry.

  3. From the list of registries, select Access Control Policies.

  4. Click Update.