To add a new view that is accessible by a new role that does not
have an existing role-based policy, create an XML file.
About this task
<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>
<Action Name="MyNewView" CommandName="MyNewView">
</Action>
<ActionGroup Name="XYZViews"
OwnerID="RootOrganization">
<ActionGroupAction Name="MyNewView"/>
</ActionGroup>
<Policy Name="XYZExecuteXYZViews"
OwnerID="RootOrganization"
UserGroup="XYZ"
ActionGroupName="XYZViews"
ResourceGroupName="ViewCommandResourceGroup"
PolicyType="groupableStandard">
</Policy>
<PolicyGroup
Name="ManagementAndAdministrationPolicyGroup"
OwnerID="RootOrganization">
<PolicyGroupPolicy Name="XYZExecuteXYZViews"
PolicyOwnerId="RootOrganization" />
</PolicyGroup>
</Policies>
Procedure
- Create a new action definition in the XML file that has the view
name MyNewView. This can be any name that you choose.
<Action Name="
MyNewView
CommandName="
MyNewView">
</Action>
- Create a new action group to be associated with the new role:
<ActionGroupName="
XYZViews"
OwnerID="RootOrganization">
</ActionGroup>
Where XYZViews is the name of your action
group. The OwnerID for action groups should always be RootOrganization.
- Associate the new action with the new action group:
<ActionGroupName="
XYZViews" OwnerID="RootOrganization">
<ActionGroupAction Name="
MyNewView"/>
</ActionGroup>
Where XYZViews is your action group, and
MyNewView is the action you created.
- Create a policy that references the new action group:
<Policy Name="
XYZExecuteXYZViews"
OwnerID="RootOrganization"
UserGroup="XYZ"
ActionGroupName="
XYZViews"
ResourceGroupName="ViewCommandResourceGroup"
PolicyType="groupableStandard">
</Policy>
Where XYZExecuteXYZViews is your policy
name and XYZViews is your action group. In WebSphere Commerce
5.5, because of the policy subscription model, the OwnerID for groupable standard
and groupable template policies is not used to determine to which resources
a policy will apply. The OwnerID value is currently used only by the Administration
Console when viewing policies by organization (owner). If a policy is to apply
to multiple organizations, it is recommended that the OwnerID be set to the
common ancestor organization such as Root Organization. If a policy is to
apply only to a specific organization, it is recommended that the OwnerID
be set to that organization's orgentity_id
.
- Include the new policy in the appropriate policy group. By default,
most role-based policies are put into ManagementAndAdministrationPolicyGroup,
which should be applied to all organizations.
<PolicyGroupName="ManagementAndAdministrationPolicyGroup"
OwnerID="RootOrganization">
<PolicyGroupPolicy Name="XYZExecuteXYZViews"
PolicyOwnerId="RootOrganization"/>
</PolicyGroup>
Where the PolicyOwnerId
value must be the
same as the OwnerID
value used in the policy definition.
- Load your XML changes into the database. For more information about
loading the XML changes, see Loading
access control policy data.
- Update the Access Control Policies Registry in the Administration
Console by doing the following:
- Logon to the Administration Console as a Site Administrator.
- Click Configuration > Registry.
- From the list of registries, select Access Control
Policies.
- Click Update.
Results
You can now use your view.