Example: Limiting auction bidding to buyers

By default, all registered users are permitted to bid for products being auctioned at a store, regardless of their position in their organization. In some cases, you may want to limit bidding to a restricted group of users such as those assigned the buyer role in WebSphere Commerce.

In this example, you will change a resource-level policy, as well as its associated role-based policy. To limit bidding to members of a buying organization with the buyer role, you need to do the following:

  • Determine the resource-level policy that specifies who can create an auction bid.
  • Change the policy's access group from all registered users, to those with the buyer role.
  • Rename the policy, description, and display name.
  • Identify the command for creating bids.
  • Determine the role-based policy for buyers (buy-side). This policy defines the commands that users with the Buyer (Buy-side) role can execute. You must update this policy's resource group to permit buyers to execute the command for creating bids.
  • Update this role-based policy's resource group to include the command for creating bids.

Change the access group for the policy

  1. Click Change to display the Change Policy page.
  2. For User Group, click Find and select Buyers (Buy-side).
  3. Click OK.
  4. Rename the policy, display name, and description of the policy, by editing their text.
  5. Click OK.

Identify the command for creating bids

  1. Click Access Management > Action Groups.
  2. From the list of action groups, select BidCreate.
  3. Click Change to display the Change Action Group page. Note the name of the command for creating bids: com.ibm.commerce.negotiation.commands.BidSubmitCmd. You must add this command to the resource group that contains the list of commands a buyer can execute.

Identify the role-based policy and resource group for the Buyer (Buy-side) role

  1. Determine the role-based policy for buyers (buy-side). The policy is:

    Buyers(buy-side)ExecuteBuyers(buy-side)CommandsResourceGroup.

  2. Click Access Management > Policies.
  3. For View, select Root Organization to display the site-level policies.
  4. Note the name of the resource group: Buyers(buy-side)CommandsResourceGroup. Now you have the name of the resource group you need to update.

Update the resource group in the role-based policy to include the command for creating bids

  1. Click Access Management > Resource Groups.
  2. Select Buyers(Buy-side)CommandsResourceGroup.
  3. Click Change to display the Change Resource Group page.
  4. Click Next to display the Details page.
  5. From the Available Resources list, select com.ibm.commerce.negotiation.commands.BidSubmitCmd. This is the command for creating bids.
  6. Click Add to add the command to the resource group.
  7. Click Finish.

Update the access control policy registry with your changes

  1. Open the Administration Console.
  2. Click Configuration > Registry.
  3. From the list of registries, select Access Control Policies.
  4. Click Update.