Language-independent access control policy bootstrap file

defaultAccessControlPolicies.xml is a language-independent XML file that populates the access control database tables with information. You may want to access this file to find out specific information, such as attributes, actions, relationships, resource categories, action groups, resource groups, policy groups, policies, and policy group subscription.

Information and database tables populated by defaultAccessControlPolicies.xml file
Database Table Type of Information Code Sample
ACPOLGRP Stores all of the access control policy groups in the system. 

<PolicyGroup Name="CommonShoppingPolicyGroup"
      OwnerID="RootOrganization"> </PolicyGroup>
ACPOLGPPOL Includes policies into a policy group. 

<PolicyGroupPolicy Name="SiteAdministratorsCanDoEverything"
      PolicyOwnerId="RootOrganization" />
ACPLGPSUBS Allows organizational entities to subscribe to the specified policy group. 

<PolicyGroupSubscription
      OrganizationID="RootOrganization"/>
ACRELGRP Stores all of the relationship groups in the system. 

<RelationGroup Name="MemberOf->BuyerOrganizationalEntity"
OwnerID="RootOrganization">
<RelationCondition><![CDATA[
<profile>
<openCondition name="RELATIONSHIP_CHAIN">
<parameter name="HIERARCHY" value="child"/>
<parameter name="RELATIONSHIP"
value="BuyingOrganizationalEntity"/>
</openCondition>
</profile>
]]></RelationCondition>
</RelationGroup>
ACACTACTGP Stores the association between actions and action groups. 

<ActionGroupAction 
Name="AllCommands"/>
ACACTGRP Stores the action groups. 

<ActionGroup 
Name="DoEverything" 
OwnerID="RootOrganization"/>
ACACTION Master list of all the actions in the system. 

<Action Name="AllCommands" 
CommandName="*"/>
ACATTR Master list of the attributes that various resources can be grouped on. These attributes can be used to form implicit resource groups. 

<Attribute Name="Status" 
Type="String"> </Attribute>
ACPOLICY Stores all the access control policies in the system 

<Policy
      Name="SiteAdministratorsCanDoEverything"
      OwnerID="RootOrganization"
      UserGroup="SiteAdministrators"
      ActionGroupName="DoEverything"
      ResourceGroupName="AllResourceGroup"
      PolicyType="groupableStandard">
      </Policy>
ACRELATION This is a master list of all the relationships that exist in the system. 

<Relation Name="owner"/>
ACRESACT Stores the actions that can be performed on a resource category. This is used only by the Tools, and not for policy evaluation. 

<ResourceAction Name="DisplayDatabean"/>
ACRESATREL Stores the attributes of a resource category, upon which the resource category can be grouped. This is used only by the Organization Administration Console tool, and not for policy evaluation. 

<ResourceAttributes Name="Status" 
AttributeTableName="ORDERS" 
AttributeColumnName="STATUS" 
ResourceKeyColumnName="ORDERS_ID"/>
ACRESCGRY Stores all the resource categories in the system and the metadata information about them. 

<ResourceCategory 
Name="com.ibm.commerce.catalog.commands.
ProductDisplayCmdResourceCategory" 
ResourceBeanClass="com.ibm.commerce.catalog.
commands.ProductDisplayCmd"> 
</ResourceCategory>
ACRESGPRES Explicitly includes resource categories into resource groups, based on the resource category classname. 

<ResourceGroupResource Name="Object" />
ACRESGRP This is a master list of all the resource groups in the system 

<ResourceGroup 
Name="AllResourceGroup"
OwnerID="RootOrganization">
</ResourceGroup>
ACRESPRIM Stores the primary resource column names for a resource. 

<ResourcePrimaryColumns 
PrimaryResourceKeyColumn="users_id"/>
ACRESREL Stores the relationships that are supported by a resource category. This is used only by the Organization Administration Console tool, and not for policy evaluation. 

<ResourceRelation Name="owner" 
RelationTable="users" 
RelationKeyColumn="users_id" 
RelationMemberColumn="users_id"/>
Note: It is recommended that you do not modify any of the bootstrap files. If modified, an instance may not be created successfully and this could result in a major support issue. If changes are needed to the bootstrap access control policy information, after instance creation, it is best to copy the bootstrap file, modify it as needed, and then load the new access control policy definition file.