Adding a new view using a new policy

To add a new view that is accessible by a new role that does not have an existing role-based policy, create an XML file.

About this task


<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?> 
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">

<Policies>

        <Action Name="MyNewView" CommandName="MyNewView">
        </Action>
   
        <ActionGroup Name="XYZViews"
OwnerID="RootOrganization">
              <ActionGroupAction Name="MyNewView"/>
        </ActionGroup>
        
        <Policy Name="XYZExecuteXYZViews"
                OwnerID="RootOrganization"
                UserGroup="XYZ"
                ActionGroupName="XYZViews"
                ResourceGroupName="ViewCommandResourceGroup"
                PolicyType="groupableStandard">
        </Policy>
        
        <PolicyGroup
Name="ManagementAndAdministrationPolicyGroup"
OwnerID="RootOrganization">
                <PolicyGroupPolicy Name="XYZExecuteXYZViews"
PolicyOwnerId="RootOrganization" />
        </PolicyGroup>               

</Policies>

Procedure

  1. Create a new action definition in the XML file that has the view name MyNewView. This can be any name that you choose.
    
    <Action Name="
    MyNewView
    CommandName="
    MyNewView">
    </Action>
    
  2. Create a new action group to be associated with the new role:
    
    <ActionGroupName="
    XYZViews"
        OwnerID="RootOrganization">
    </ActionGroup>
    

    Where XYZViews is the name of your action group. The OwnerID for action groups should always be RootOrganization.

  3. Associate the new action with the new action group:
    
    <ActionGroupName="
    XYZViews" OwnerID="RootOrganization">
            <ActionGroupAction Name="
    MyNewView"/>
    
    
    </ActionGroup>
    

    Where XYZViews is your action group, and MyNewView is the action you created.

  4. Create a policy that references the new action group:
    
    <Policy Name="
    XYZExecuteXYZViews"
            OwnerID="RootOrganization"
            UserGroup="XYZ"
            ActionGroupName="
    XYZViews"
            ResourceGroupName="ViewCommandResourceGroup"
            PolicyType="groupableStandard">
    </Policy>
    

    Where XYZExecuteXYZViews is your policy name and XYZViews is your action group. In WebSphere Commerce 5.5, because of the policy subscription model, the OwnerID for groupable standard and groupable template policies is not used to determine to which resources a policy will apply. The OwnerID value is currently used only by the Administration Console when viewing policies by organization (owner). If a policy is to apply to multiple organizations, it is recommended that the OwnerID be set to the common ancestor organization such as Root Organization. If a policy is to apply only to a specific organization, it is recommended that the OwnerID be set to that organization's orgentity_id.

  5. Include the new policy in the appropriate policy group. By default, most role-based policies are put into ManagementAndAdministrationPolicyGroup, which should be applied to all organizations.
    
    <PolicyGroupName="ManagementAndAdministrationPolicyGroup"
    OwnerID="RootOrganization">
            <PolicyGroupPolicy Name="XYZExecuteXYZViews"
    PolicyOwnerId="RootOrganization"/>
    </PolicyGroup>
    

    Where the PolicyOwnerId value must be the same as the OwnerID value used in the policy definition.

  6. Load your XML changes into the database. For more information about loading the XML changes, see Loading access control policy data.
  7. Update the Access Control Policies Registry in the Administration Console by doing the following:
    1. Logon to the Administration Console as a Site Administrator.
    2. Click Configuration > Registry.
    3. From the list of registries, select Access Control Policies.
    4. Click Update.

Results

You can now use your view.