Language-independent access control policy bootstrap file

defaultAccessControlPolicies.xml is a language-independent XML file that populates the access control database tables with information. You may want to access this file to find out specific information, such as attributes, actions, relationships, resource categories, action groups, resource groups, policy groups, policies, and policy group subscriptions.

The types of information and database tables populated by defaultAccessControlPolicies.xml include the following:

Database Table
Type of Information
Code Sample

ACPOLGRP
Stores all of the access control policy groups in the system.
<PolicyGroup Name="CommonShoppingPolicyGroup"
      OwnerID="RootOrganization"> </PolicyGroup>

ACPOLGPPOL
Includes policies into a policy group.
<PolicyGroupPolicy Name="SiteAdministratorsCanDoEverything"
      PolicyOwnerId="RootOrganization" />

ACPLGPSUBS
Allows organizational entities to subscribe to the specified policy group.
<PolicyGroupSubscription
      OrganizationID="RootOrganization"/>

ACRELGRP
Stores all of the relationship groups in the system.
<RelationGroup Name="MemberOf->BuyerOrganizationalEntity"
OwnerID="RootOrganization">
<RelationCondition><![CDATA[
<profile>
<openCondition name="RELATIONSHIP_CHAIN">
<parameter name="HIERARCHY" value="child"/>
<parameter name="RELATIONSHIP" value="BuyingOrganizationalEntity"/>
</openCondition>
</profile>
]]></RelationCondition>
</RelationGroup>

ACACTACTGP
Stores the association between actions and action groups.
<ActionGroupAction 
Name="AllCommands"/>

ACACTGRP
Stores the action groups.
<ActionGroup 
Name="DoEverything" 
OwnerID="RootOrganization"/> 

ACACTION
Master list of all the actions in the system.
<Action Name="AllCommands" 
CommandName="*"/>

ACATTR
Master list of the attributes that various resources can be grouped on. These attributes can be used to form implicit resource groups.
<Attribute Name="Status" 
Type="String"> </Attribute>

ACPOLICY
Stores all the access control policies in the system.
<Policy
      Name="SiteAdministratorsCanDoEverything"
      OwnerID="RootOrganization"
      UserGroup="SiteAdministrators"
      ActionGroupName="DoEverything"
      ResourceGroupName="AllResourceGroup"
      PolicyType="groupableStandard">
      </Policy>

ACRELATION
This is a master list of all the relationships that exist in the system.
<Relation Name="owner"/>

ACRESACT
Stores the actions that can be performed on a resource category. This is used only by the Tools, and not for policy evaluation.
<ResourceAction Name="DisplayDatabean"/>

ACRESATREL
Stores the attributes of a resource category, upon which the resource category can be grouped. This is used only by the Organization Administration Console tool, and not for policy evaluation.
<ResourceAttributes Name="Status" 
AttributeTableName="ORDERS" 
AttributeColumnName="STATUS" 
ResourceKeyColumnName="ORDERS_ID"/>

ACRESCGRY
Stores all the resource categories in the system and the metadata information about them.
<ResourceCategory 
Name="com.ibm.commerce.catalog.commands.ProductDisplayCmdResourceCategory" 
ResourceBeanClass="com.ibm.commerce.catalog.commands.ProductDisplayCmd"> 
</ResourceCategory>

ACRESGPRES
Explicitly includes resource categories into resource groups, based on the resource category classname.
<ResourceGroupResource Name="Object" />

ACRESGRP
This is a master list of all the resource groups in the system.
<ResourceGroup 
Name="AllResourceGroup"
OwnerID="RootOrganization">
</ResourceGroup>

ACRESPRIM
Stores the primary resource column names for a resource.
<ResourcePrimaryColumns 
PrimaryResourceKeyColumn="users_id"/>

ACRESREL
Stores the relationships that are supported by a resource category. This is used only by the Organization Administration Console tool, and not for policy evaluation.
<ResourceRelation Name="owner" 
RelationTable="users" 
RelationKeyColumn="users_id" 
RelationMemberColumn="users_id"/>

IBM recommends that you do not modify any of the bootstrap files. If a bootstrap file is modified, an instance may not be created successfully, and this could result in a major support issue. If changes to the bootstrap access control policy information are needed after instance creation, it is best to copy the bootstrap file, modify the copy as needed, and then load the new access control policy definition file.
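A modified copy can be reviewed before it is loaded. The following script is an added example, not part of the IBM documentation or product: it resolves each Policy through its ActionGroup to the underlying Action entries, reports policies that reach an Action with CommandName="*", and reports references to undefined names. The root element name, the nesting of ActionGroupAction inside ActionGroup, and the second policy with its groups and command class are assumptions made for the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample assembled from the element shapes shown above. The root
# element name and the nesting of ActionGroupAction inside ActionGroup are
# assumptions; the second policy, its groups and its command are hypothetical.
SAMPLE = """<Policies>
  <Action Name="AllCommands" CommandName="*"/>
  <Action Name="DisplayOrder" CommandName="com.example.OrderDisplayCmd"/>
  <ActionGroup Name="DoEverything" OwnerID="RootOrganization">
    <ActionGroupAction Name="AllCommands"/>
  </ActionGroup>
  <ActionGroup Name="ViewOrders" OwnerID="RootOrganization">
    <ActionGroupAction Name="DisplayOrder"/>
  </ActionGroup>
  <Policy Name="SiteAdministratorsCanDoEverything" OwnerID="RootOrganization"
      UserGroup="SiteAdministrators" ActionGroupName="DoEverything"
      ResourceGroupName="AllResourceGroup" PolicyType="groupableStandard"/>
  <Policy Name="ExampleViewOrders" OwnerID="RootOrganization"
      UserGroup="ExampleUsers" ActionGroupName="ViewOrders"
      ResourceGroupName="ExampleOrderGroup" PolicyType="groupableStandard"/>
</Policies>"""


def audit(xml_text):
    """Return (wildcard_grants, unresolved_references) for a policy file."""
    root = ET.fromstring(xml_text)
    # Action name -> command name (rows destined for ACACTION)
    commands = {a.get("Name"): a.get("CommandName") for a in root.iter("Action")}
    # Action group name -> member action names (ACACTGRP / ACACTACTGP)
    groups = {g.get("Name"): [m.get("Name") for m in g.iter("ActionGroupAction")]
              for g in root.iter("ActionGroup")}
    wildcard, unresolved = [], []
    for p in root.iter("Policy"):
        name, group = p.get("Name"), p.get("ActionGroupName")
        if group not in groups:
            unresolved.append((name, "ActionGroup", group))
            continue
        for action in groups[group]:
            if action not in commands:
                unresolved.append((name, "Action", action))
            elif commands[action] == "*":
                wildcard.append((name, p.get("UserGroup"), p.get("ResourceGroupName")))
    return wildcard, unresolved


if __name__ == "__main__":
    grants, missing = audit(SAMPLE)
    for name, user_group, resource_group in grants:
        print(f'{name}: {user_group} gets CommandName="*" on {resource_group}')
    for name, kind, ref in missing:
        print(f"{name}: references undefined {kind} {ref!r}")
```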
