Creating an access control policy to secure the new information

The previous step created an access profile, MyCompany_All. By default, only the users with a site administrator role have access to this new data. In this lesson, you update the Catalog service access control policy to state that all users have access to view this data.

About this task

The new policy defines a new action for the MyCompany_All access profile and adds the new action to the CatalogEntry all users group. The access profiles for Change, Process, and Sync are only run after the access control check on the Change, Process, or Sync action.
Tip: Although the previous step of the tutorial also created the MyCompany_CatalogEntry_Update and MyCompany_CatalogEntryDescription_Update access profiles, only those access profiles that are used by Get commands need to be explicitly registered.

Procedure

  1. Create the following file: WCDE_installdir\xml\policies\xml\MyCompanyCatalogAccessControlPolicies.xml
  2. Copy and paste the following access control policy XML into this file:
    <Policies>
        <Action Name="GetCatalogEntry.MyCompany_All" CommandName="GetCatalogEntry.MyCompany_All"/>

        <ActionGroup Name="Catalog-CatalogEntry-AllUsers-AccessProfileActionGroup" OwnerID="RootOrganization">
            <ActionGroupAction Name="GetCatalogEntry.MyCompany_All"/>
        </ActionGroup>
    </Policies>
    
  3. Run the acpload command to load the access control policies:
    1. Open a command prompt and go to WCDE_installdir\bin
    2. IBM i, DB2, Oracle: Run the acpload command with the following form:
      • For IBM i OS operating system
        acpload db_host_name db_user db_password inputXMLFile (NON-NLS)
        
        Where:
        db_host_name
        The fully qualified host name of the machine that hosts the development database.
        db_user
        The name of the database user.
        db_password
        The password for your database user.
        inputXMLFile
        The XML file that contains the access control policy specification. In this case, specify MyCompanyCatalogAccessControlPolicies.xml.
      • DB2, Oracle
        acpload database db_user db_password inputXMLFile schema_name
        
        Where:
        database
        The name of the database.
        db_user
        The name of the database user.
        db_password
        The password for your database user.
        inputXMLFile
        The XML file that contains the access control policy specification. In this case, specify MyCompanyCatalogAccessControlPolicies.xml.
        schema_name
        DB2: The name of the database user who created the database and owns the schema, in uppercase.
        Oracle: The name of the user who owns the tables.

        Example
        acpload mall dbuser dbuserpwd MyCompanyCatalogAccessControlPolicies.xml DBUSER
      • Apache Derby: Run the acpload command with the access control policy XML file as the only parameter:
        acpload MyCompanyCatalogAccessControlPolicies.xml
    3. Go to the WCDE_installdir/logs directory. Inspect the acpload.log and messages.txt files to ensure that the access control policy loaded successfully. The messages.txt file might not exist if the load completed successfully. Check that the following policy files were created successfully in the WCDE_installdir/xml/policies/xml directory: MyCompanyCatalogAccessControlPolicies_idres.xml and MyCompanyCatalogAccessControlPolicies_xmltrans.xml. These two files are created as part of a successful idresgen utility process. Any other error files generated in this directory indicate that an error occurred during the loading process.
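
Because this policy grants a Get action to all users, it is worth reviewing the file before running acpload. The following Python check is an added example, not part of the product or the original tutorial. It confirms that the file adds only approved actions to each action group; the `review_policy` function and the `approved` allow-list are hypothetical names, and the embedded XML is the policy from step 2.

```python
import xml.etree.ElementTree as ET

# Constructed input: the policy file from step 2, embedded so this runs offline.
POLICY_XML = """<Policies>
  <Action Name="GetCatalogEntry.MyCompany_All" CommandName="GetCatalogEntry.MyCompany_All"/>
  <ActionGroup Name="Catalog-CatalogEntry-AllUsers-AccessProfileActionGroup" OwnerID="RootOrganization">
    <ActionGroupAction Name="GetCatalogEntry.MyCompany_All"/>
  </ActionGroup>
</Policies>"""

ALL_USERS_GROUP = "Catalog-CatalogEntry-AllUsers-AccessProfileActionGroup"

def review_policy(xml_text, approved):
    """Return a list of findings; an empty list means the file matches the review.

    approved maps an action group name to the set of action names that may be
    added to it (a hypothetical allow-list kept by the reviewer, not a product feature).
    """
    root = ET.fromstring(xml_text)
    findings = []
    declared = set()
    for action in root.iter("Action"):
        name = action.get("Name")
        if name in declared:
            findings.append(f"duplicate Action {name}")
        declared.add(name)
    granted = set()
    for group in root.iter("ActionGroup"):
        gname = group.get("Name")
        for ref in group.iter("ActionGroupAction"):
            aname = ref.get("Name")
            granted.add(aname)
            if aname not in declared:
                # Assumption: an undeclared name needs a manual check that the
                # action is already defined elsewhere before it is granted.
                findings.append(f"{gname}: {aname} is not declared in this file")
            if aname not in approved.get(gname, set()):
                findings.append(f"{gname}: {aname} is not an approved grant")
    for name in sorted(declared - granted):
        findings.append(f"Action {name} is declared but not added to any group")
    return findings

if __name__ == "__main__":
    approved = {ALL_USERS_GROUP: {"GetCatalogEntry.MyCompany_All"}}
    for finding in review_policy(POLICY_XML, approved) or ["no findings"]:
        print(finding)
```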