Examples: Customizing access control policies using the Organization Administration Console

For all of these examples, it is assumed that a Site Administrator is modifying the policies for Root Organization. Once you step through some of the examples, you will be able to follow the same methodology to make changes not specifically covered here.

The examples are organized by business area. Within each business area, the examples are presented in order of increased complexity.

Customization examples organized by type of customization

Customization	See the example
Add a role to a policy's access group	Permitting both coupon administrators and Operations Managers to create coupon promotions
Change a policy's action group	Allow procurement buyer administrators to submit the procurement shopping cart for orders created by their organization Permitting fulfillment center managers to update fulfillment centers but not to delete them
Change a policy's resource relationship	Allowing only Buyer Administrators to modify orders Allowing procurement shopping cart managers to manage the procurement shopping cart for orders created by their organization
Change a policy to use a different access group	Limiting auction bidding to buyers Permitting only Buyers to create orders Allowing only Buyer Administrators to modify orders Allowing only registered and approved users to change their address information Allowing only buyers to redeem coupons Permitting both coupon administrators and Operations Managers to create coupon promotions
Create a new access group and using it in a policy	Allowing RMA approvers to approve all RMAs Allowing member registrars to register users
Create a new action group and using it in a policy	Allowing member registrars to register users Allow procurement buyer administrators to submit the procurement shopping cart for orders created by their organization
Create a new resource-level policy	Permitting both contract operators and contract administrators to deploy contracts Allow procurement buyer administrators to submit the procurement shopping cart for orders created by their organization
Create a new role-based policy	Allowing member registrars to register users Allowing auditors to view business intelligence reports
Create a new role and using it in a resource-level policy	Allowing member registrars to register users Allowing auditors to view business intelligence reports
Deleting a policy	Remove the ability of auction managers to retract bids Remove the ability of users to self-register
Remove an action from a policy's action group	Remove the ability of auction administrators to close auction bidding Remove the ability of contract managers to add or delete attachments to contracts

Tips for changing default policies

• Most access groups are defined by user roles such as Buyer or Product Manager. To better understand these roles and what actions they are permitted to take, see Roles.

• Before you change a policy to use a different access group, review the definition of that access group to ensure it meets your requirements. To do so, select Access Management > Access Groups from the Organization Administration Console.

• Depending on the value you select for View, the Policies page lists the policies that are owned by the selected organization. It does not distinguish between site-level policies and policies specific to a particular organization.

• Rename any default policies you change so that the policy name reflects what the policy does and so that you can identify the default policies you have changed. Consider implementing a naming convention for your customized policies. If appropriate, you should also modify the description of the policy and its display name.

Note: The access control policy menu is moved to Organization Administration Console. The Organization Administration Console can only perform simple modifications to the access control policy definitions and access group definitions. The more robust solution is to update the data using XML files. The following operations can only be done through XML:

1. Define new actions, resources, attributes, relationships, relationship groups.

2. Define complex implicit resource groups, and complex implicit access groups.

3. Assign a new policy to a policy group.

Related Concepts

Related tasks

Related Reference