Example: Allowing only registered and approved users to change their address information
By default, users can modify their address information if their registration has been approved or is pending approval. In some cases, you might want only registered and approved users to manage their addresses.
In this example, you will change the access group for the resource-level policy that authorizes users to manage their address information, as follows:
- Determine the resource-level policy that allows users to manage their address information.
- Change the access group for the policy.
Because the access group
RegisteredApprovedUsers
does not contain any roles, you do not need to update a role-based policy for this change.
Change the resource-level policy's access group
- Determine the resource-level policy that allows users to manage their address information. The
policy is--
NonRejectedUsersExecuteAddressManageCommandsOnUserResource
.Note: Non-rejected users are users whose registration has not been rejected. Their registration has either been approved or is pending approval. - From the Organization Administration Console, click Access Management > Policies.
- For View, select Root Organization to display the policies that it owns.
- From the list of policies, select NonRejectedUsersExecuteAddressManageCommandsOnUserResource.
- Click Change to display the Change Policy page.
- For User Group, click Find and select RegisteredApprovedUsers.
- Click OK.
- Update the policy's name, display name, and description to reflect the change of access group.
- Click OK.
Update the access control policy registry with your changes
- Open the Administration Console.
- Click Configuration > Registry.
- From the list of registries, select Access Control Policies.
- Click Update.