Define access control policy elements using XML
The Organization Administration Console allows us to make simple changes to access control policies and their parts. To make more sophisticated changes, you need to edit the XML files directly, and then load them into the database.
About this task
Before starting making changes to the XML files for access control, you should read the topics
(Developer) Access Control and
Creating an access control policy. These topics provide a technical overview of access control and explains how to create customized commands, entity beans, and JSP templates that can be protected by access control policies.Once you have finished the code customization, we can edit the XML files for access control to establish the protections you require.
The following changes can only be made by editing and then loading the appropriate XML files:
- Creating or modifying an action
- Creating or modifying a relationship
- Creating or modifying a relationship group
- Creating or modifying a resource
- Creating or modifying attributes
- Creating or modifying access groups using complex criteria
- Creating or modifying resource groups using complex criteria
- Creating a role-based policy for views
- Changing the action group in a role-based policy for views
- Creating or modifying a policy group
- Associating policies with policy groups
We can manipulate the XML files to perform the following authorization tasks:
- Protecting views
- Protecting controller commands
- Protecting resources
- Protecting data beans
- Grouping resources by attributes
- Defining relationships
- Defining relationship groups
- Defining access groups
- Defining policies
Related concepts
Access control policy
Authorization
Evaluating access control policies
Enforcing access control
Role-based and resource-level policies
Related reference
acpload utility