To add a new controller command to be accessed
by a new role, that has an existing role-based policy, create an XML
file.
For example:
<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>
<ResourceCategory
Name="com.xyz.commands.MyNewControllerCmdResourceCategory"
ResourceBeanClass="com.xyz.commands.MyNewControllerCmd">
<ResourceAction Name="ExecuteCommand"/>
</ResourceCategory>
<ResourceGroup Name="SellersCmdResourceGroup"
OwnerID="RootOrganization">
<ResourceGroupResource
Name="com.xyz.commands.MyNewControllerCmdResourceCategory"/>
</ResourceGroup>
</Policies>
Procedure
- Create a new resource definition in the XML file that corresponds
to the interface name of the controller command.
<ResourceCategory Name="
com.xyz.commands.MyNewControllerCmdResourceCategory"
ResourceBeanClass="
com.xyz.commands.MyNewControllerCmd">
<ResourceAction Name="ExecuteCommand"/>
</ResourceCategory>
- Determine which roles should have access to the command
and associate the new resource with the corresponding resource groups
in the XML file, as in the following example:
<ResourceGroup Name="SellersCmdResourceGroup"
OwnerID="RootOrganization">
<ResourceGroupResource Name="com.xyz.commands.
MyNewControllerCmdResourceCategory"/>
</ResourceGroup>
You can change the resource group depending on which
role you want to use. For more information about role-based policies
see Role-based policies.
- Load your XML changes into the database. For more information
about loading the XML changes, see Loading access control policy
data.
- Update the Access Control Policies Registry in the Administration
Console by doing the following:
- Logon to the Administration Console as a Site Administrator.
- Click .
- From the list of registries, select Access
Control Policies.
- Click Update.
Since there is already a role-based policy that includes
this resource group, you can now use your new controller command,
if it is not doing any resource-level checking.