Based on the default access control policies, the UserRegistrationAdminAddCmd command
cannot be run by users who only have the Marketing Manager role. The
following scenario describes the steps needed to modify the existing
policies so that these users can perform this command. You can use
the steps in this scenario and customize them to your own requirements.
About this task
All controller commands require a command-level access control
policy, which has the ActionGroupName = ExecuteCommandActionGroup
.
It also must have a resource group that includes the interface name
of the controller command. These policies usually refer to a specific
role, for example, MarketingManagersExecuteMarketingManagerCmdResourceGroup
.
<Policy Name="
MarketingManagersExecuteMarketingManagerCmdResourceGroup"
OwnerID="RootOrganization"
UserGroup="MarketingManagers"
ActionGroupName="ExecuteCommandActionGroup"
ResourceGroupName="MarketingManagerCmdResourceGroup"
PolicyType="groupableStandard">
</Policy>
Note: The preceding policy is one of the default policies
that is loaded into the database during instance creation. For more
information about the default policies, see
Default access control policy
groups.
In this case, if you want users with the
Marketing Manager role to be able to execute the UserRegistrationAdminAddCmd
,
you have to add this command to the existing Resource Group used in
the policy by creating your own XML file, and do the following:
Procedure
- Redefine the
ExecuteCommand
action
- Redefine
com.ibm.commerce.usermanagement.commands.UserRegistrationAddCmd
as
a resource category. - Associate the resource category with the required resource
group, in this case
MarketingManagerCmdResourceGroup
.
- Copy the XML file to
WC_installdir/xml/policies/xml
.
The following is an example of what your XML could look like:
<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>
<Action Name="ExecuteCommand" CommandName="Execute">
</Action>
<ResourceCategory
Name="com.ibm.commerce.usermanagement.commands.UserRegistrationAdminAddCmdResourceCategory"
ResourceBeanClass="com.ibm.commerce.usermanagement.commands.UserRegistrationAdminAddCmd">
<ResourceAction Name="ExecuteCommand"/>
</ResourceCategory>
<ResourceGroup Name="MarketingManagerCmdResourceGroup"
OwnerID="RootOrganization">
<ResourceGroupResource
Name="com.ibm.commerce.usermanagement.commands.UserRegistrationAdminAddCmdResourceCategory"/>
</ResourceGroup>
</Policies>
- Load the XML file into the database using the
WC_installdir/bin/acpload
script.
For more information about loading your XML files, see Loading access control policy
data. - Update the Access Control Policy Registry in the Administration
Console:
- Logon to the Administration Console as a Site Administrator.
- Click . A list of registry components is displayed.
- From the list of registries, select Access
Control Policies.
- Click Update.
Results
You can now use your controller command if it
is not doing any resource-level checking.