WebSphere Commerce views access control or authorization as the process of verifying that users or applications have sufficient authority to access a resource. This section describes the details of several aspects of WebSphere Commerce access control.

Authorization or access control, in WebSphere Commerce is accomplished using access control policies. An access control policy is a rule that describes which group of users can perform a set of actions on a set of resources. WebSphere Commerce provides a set of default access control policies. These default access control policies are specified in XML format and are designed to address many of the typical access control requirements that an e-commerce site requires.

The role of e-commerce has not only changed the way companies are doing business, but it has dramatically increased the kinds of relationships that they can expect to have with their customers and business partners. The Web is a key factor in delivering improved value to your existing customers, and paving the way for new customers eager to benefit from the power and increased efficiency of the Internet. Along with the clear advantages of doing business on the Web and the tremendous potential for increasing your customer base, comes the challenge of managing your business flows and trading patterns while maintaining a highly secure environment, authorizing appropriate transactions, and streamlining your work processes.

The hallmark of access control is the ability to oversee these work processes by managing the ways in which users participate in your system, based on their activities, and their business relationship to your products and services. For example, you might only want customers that have registered with your site to be able to view products for auctions in your store, and to place bids on them. Likewise, you might authorize graphic designers to customize your store pages, but you might restrict them from managing the actual content in your product catalog.

WebSphere Commerce provides you with the right tools for access management, by including more than 200 default access control policies that are automatically loaded into your system at the time of instance creation. These policies have been designed to address many of the typical access control requirements that your business needs, and can even be customized to suit your own e-commerce solution.

Managing access to activities in your electronic marketplace is an integral part of protecting your company's financial assets and resources, for ensuring secure business transactions between approved members of your site, and validating the legitimacy of your online operations. Access control becomes especially crucial in the context of e-commerce, where the entry to your business is largely affected by customer relationships that begin over the Web.