Adding a new controller command using a new policy
To add a new controller command to be accessed by a new role, that does not have an existing role-based policy, create an XML file.
About this task
For example:
<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>
<ResourceCategory
Name="com.xyz.commands.MyNewControllerCmdResourceCategory"
ResourceBeanClass="com.xyz.commands.MyNewControllerCmd">
<ResourceAction Name="ExecuteCommand"/>
</ResourceCategory>
<ResourceGroup Name="XYZCmdResourceGroup"
OwnerID="RootOrganization">
<ResourceGroupResource
Name="com.xyz.commands.MyNewControllerCmdResourceCategory"/>
</ResourceGroup>
<Policy Name="XYZExecuteXYZsCmdResourceGroup"
OwnerID="RootOrganization"
UserGroup="XYZ"
ActionGroupName="ExecuteCommandActionGroup"
ResourceGroupName="XYZCmdResourceGroup"
PolicyType="groupableStandard">
</Policy>
<PolicyGroup Name="ManagementAndAdministrationPolicyGroup"
OwnerID="RootOrganization">
<PolicyGroupPolicy Name="XYZExecuteXYZsCmdResourceGroup"
PolicyOwnerId="RootOrganization"/>
</PolicyGroup>
</Policies>
Procedure
- Create a new resource definition in the XML file that corresponds with the interface name of the controller command.
-
Create a new resource group to be associated with the new role:
<ResourceGroup Name=" XYZCmdResourceGroup" OwnerID="RootOrganization"> </ResourceGroup>
-
Associate the new resource with the new resource group:
<ResourceGroup Name=" XYZCmdResourceGroup" OwnerID="RootOrganization"> <ResourceGroupResource Name="com. xyz.commands. MyNewControllerResourceCategory"/> </ResourceGroup>
-
Create a policy that references your new resource group:
<Policy Name=" XYZExecute XYZsCmdResourceGroup" OwnerID="RootOrganization" UserGroup=" XYZ" ActionGroupName="ExecuteCommandActionGroup" ResourceGroupName=" XYZCmdResourceGroup" PolicyType="groupableStandard"> </Policy>
- Load your XML changes into the database. For more information about loading the XML changes, see Loading your changes into the database.
-
Update the Access Control Policies Registry in the Administration Console by doing the
following:
- Logon to the Administration Console as a Site Administrator.
- Click Configuration > Registry.
- From the list of registries, select Access Control Policies.
- Click Update.