Role-based policies
The following are the role-based policies for each default role in WebSphere Commerce:
- AccountRepresentativesExecuteAccountRepresentativesViews
- AccountRepresentativesExecuteAccountRepresentativesCmdResourceGroup
- AllUsersExecuteAllSiteUserCmdResourceGroup
- AllUsersExecuteAllSiteUsersViews
- AllUsersExecuteResellerUserCmdResourceGroup
- AllUsersExecuteResellerUserViews
- BecomeUserCustomerServiceGroupExecutesBecomeUserCmdsResourceGroup
- BuyerAdministratorsExecuteBuyerAdministratorsViews
- BuyerAdministratorsExecuteBuyersAdministratorsCommands
- BuyerApproversExecuteBuyerApproversCmdResourceGroup
- BuyerApproversExecuteBuyerApproversViews
- Buyers(buy-side)ExecuteBuyers(buy-side)CommandsResourceGroup
- Buyers(buy-side)ExecuteBuyers(buy-side)Views
- Buyers(sell-side)ExecuteBuyers(sell-side)CommandsResourceGroup
- Buyers(sell-side)ExecuteBuyers(sell-side)Views
- CategoryManagersExecuteCategoryManagersCmdResourceGroup
- CategoryManagersExecuteCategoryManagersViews
- ChannelManagersExecuteChannelManagersCommands
- ChannelManagersExecuteChannelManagersViews
- CustomerServiceRepresentativesExecuteCustomerServiceRepresentativeViews
- CustomerServiceRepresentativesExecuteCustomerServiceRepCmdResourceGroup
- CustomerServiceSupervisorsExecuteCustomerServiceSupervisorViews
- CustomerServiceSupervisorsExecuteCustomerServiceSupervisorCmdResourceGroup
- CustomersExecuteCustomersViews
- LogisticsManagersExecuteLogisticsManagersCmdResourceGroup
- LogisticsManagersExecuteLogisticsManagersViews
- MarketingManagersExecuteMarketingManagerCmdResourceGroup
- MarketingManagersExecuteMarketingManagersViews
- MarketingDirectorsExecuteMarketingDirectorCmdResourceGroup
- OperationsManagersExecuteOperationsManagersCmdResourceGroup
- OperationsManagersExecuteOperationsManagersViews
- PickPackersExecutePickPackersCmdResourceGroup
- PickPackersExecutePickPackersViews
- ProcurementBuyersExecuteProcurementBuyersCmdResourceGroup
- ProductManagersExecuteProductManagersCmdResourceGroup
- ProductManagersExecuteProductManagersViews
- ReceiversExecuteReceiversCmdResourceGroup
- ReceiversExecuteReceiversViews
- RegisteredApprovedUsersExecuteRegisteredApprovedUsersCommandsResourceGroup
- RegisteredApprovedUsersExecuteRegisteredApprovedUsersViews
- RegisteredCustomersForOrgExecuteRegisteredUserCmdResourceGroup
- RegisteredCustomersForOrgExecuteRegisteredUserViews
- ReturnsAdministratorsExecuteReturnsAdministratorsCmdResourceGroup
- ReturnsAdministratorsExecuteReturnsAdministratorsViews
- SalesManagersExecuteSalesManagersCmdResourceGroup
- SalesManagersExecuteSalesManagersViews
- SellerAdministratorsExecuteSellerAdministratorsCommands
- SellerAdministratorsExecuteSellerAdministratorsViews
- SellersExecuteSellersCmdResourceGroup
- SellersExecuteSellersViews
- SiteAdministratorsCanDoEverything
- WorkspaceManagersExecuteWorkspaceManagersViews
- WorkspaceManagersExecuteWorkspaceManagersCmdResourceGroup
- AttachmentManagersExecuteAttachmentManagersCmdResourceGroup
- WorkspaceTaskgroupApproversExecuteWorkspaceTaskgroupApproversViews
- WorkspaceTaskgroupApproversExecuteWorkspaceTaskgroupApproversCmdResourceGroup
- WorkspaceContentContributorsExecuteWorkspaceContentContributorsViews
- WorkspaceContentContributorsExecuteWorkspaceContentContributorsCmdResourceGroup
The following table displays the role-based policies by role, access group, resource group, and view. Notes:
- Most items in the table except for the Role column are split across each cell for display purposes as they are lengthy.
- Not all of the roles that are shown in the following table are defined roles in WebSphere Commerce. See the notes that follow the table for details.
- The SiteAdministratorsCanDoEverything policy is a special default policy that grants super-user access to administrators with the Site Administrator role. In this policy, a Site Administrator can perform actions on any resource, even if those actions or resources are not defined. It is important to be aware of this access when we are assigning this role to users.
Table 1. Role-based policies by role, access group, resource group, and view Role Access Group used in role-based policies Resource Group used in role-based policies for Controller commands Action Group used in role-based policies for Views Account Representative Account Representatives AccountRepresentativesCmd
ResourceGroupAccountRepresentatives
ViewsAll Users4 AllUsers ResellerUserCmd
ResourceGroup5ResellerUserViews5 AllSiteUserCmd
ResourceGroup6AllSiteUsersViews6 Buyer (buy-side) Buyers(buy-side) Buyers(buy-side)
CommandsResourceGroupBuyers(buy-side)Views Buyer (sell-side) Buyers(sell-side) Buyers(sell-side)
CommandsResourceGroupBuyers
(sell-side)ViewsBuyer Administrator BuyerAdministrators BuyerAdministrators
CommandsResource
GroupBuyerAdministrators
ViewsBuyer Approver BuyerApprovers BuyerApproversCmd
ResourceGroupBuyerApproversViews Category Manager CategoryManagers CategoryManagers
CmdResourceGroupCategoryManagersViews Channel Manager ChannelManagers ChannelManagersCmd
ResourceGroupChannelManagersViews Customer Service Representative CustomerService
RepresentativesCustomerService
RepCmdResourceGroupCustomerService
Representative
ViewsCustomer Service Supervisor CustomerService
SupervisorsCustomerService
Supervisor
CmdResourceGroupCustomerService
SupervisorViewsGuest1 Guests GuestUsersCmd
ResourceGroupGuestUsersViews Logistics Manager LogisticsManagers LogisticsManagersCmd
ResourceGroupLogisticsManagersViews Marketing Manager MarketingManagers MarketingManager
CmdResourceGroupMarketingManagersViews Marketing Director MarketingDirectors MarketingDirector
CmdResourceGroupn/a Non-Rejected User3 NonRejectedUsers NonRejectedUserCommands
ResourceGroupNonRejectedUsersViews Operations Manager OperationsManagers OperationsManagersCmd
ResourceGroupOperationsManagersViews Pick Packer PickPackers PickPackersCmd
ResourceGroupPickPackersViews Procurement Buyer ProcurementBuyers ProcurementBuyersCmd
ResourceGroupn/a Product Manager ProductManagers ProductManagers
CmdResourceGroupProductManagersViews Receiver Receivers ReceiversCmdResourceGroup ReceiversViews Registered Approved User2 RegisteredApproved
UsersRegisteredApprovedUsers
CommandsResourceGroupRegisteredApproved
UsersViewsRegistered Customer (with OrgandAncestorOrgs role qualifier) Registered
CustomersForOrgRegisteredUserCmd
ResourceGroupRegisteredUserViews Returns Administrator ReturnsAdministrators ReturnsAdministratorsCmd
ResourceGroupReturnsAdministrators
ViewsSales Manager SalesManagers SalesManagersCmd
ResourceGroupSalesManagersViews Seller Administrator Seller
AdministratorsSellerAdministrators
CommandsResourceGroupSellerAdministrators
ViewsSeller Sellers SellersCmdResourceGroup SellersViews Site Administrator SiteAdministrators n/a n/a Workspace Manager WorkspaceManagers WorkspaceManagersCmdResourceGroup WorkspaceManagersViews Attachment Manager AttachmentManagers AttachmentManagersCmdResourceGroup n/a Workspace Taskgroup Approver WorkspaceTaskgroupApprovers WorkspaceTaskgroupApproversCmdResourceGroup WorkspaceTaskgroupApproversViews Workspace Content Contributors WorkspaceContentContributors WorkspaceContentContributorsCmdResourceGroup WorkspaceContentContributorsViews Notes:
- "Guest" is not a true role. Users who have a registration status set to "G" (the USER.REGISTERTYPE column is set to "G") implicitly belong to the Guests access group.
- "Registered Approved User" is not a true role. Users who have a registration status set to "R" (the USER.REGISTERTYPE column is set to "R") and whose status is approved (the MEMBER.STATE column is set to 1) implicitly belong to the RegisteredApprovedUsers access group.
- "Non-Rejected User" is not a true role. Users whose registration status is not-rejected (MEMBER.STATE column is not set to 2) implicitly belong to the NonRejectedUsers access group.
- "All Users" is not a true role. All users in the system implicitly belong to the AllUsers access group.
- These action groups and resource groups belong to policies that are part of the B2CPolicyGroup. This policy group likely applies only to organizations that follow the B2C business model.
- These action groups and resource groups belong to policies that are part of the ManagementAndAdministrationPolicyGroup. This policy group likely applies to all organizations.