Creating an access control policy to secure the new information

The previous step created an access profile, MyCompany_All. By default, only the users with a site administrator role have access to this new data. In this lesson, you update the Catalog service access control policy to state that all users have access to view this data.

About this task

The new policy defines a new action for the MyCompany_All access profile and adds the new action to the CatalogEntry all users group. The access profiles for Change, Process, and Sync are only run after the access control check on the Change, Process, or Sync action.

Tip: Although the previous step of the tutorial also created the MyCompany_CatalogEntry_Update and MyCompany_CatalogEntryDescription_Update access profiles, only those access profiles that are used by Get commands need to be explicitly registered.

Procedure

Create the following file: WCDE_installdir\xml\policies\xml\MyCompanyCatalogAccessControlPolicies.xml

Copy and paste the following access control policy XML into this file:

<Policies>
	<Action Name="GetCatalogEntry.MyCompany_All" CommandName="GetCatalogEntry.MyCompany_All"/>
  
	<ActionGroup Name="Catalog-CatalogEntry-AllUsers-AccessProfileActionGroup" OwnerID="RootOrganization">
		<ActionGroupAction Name="GetCatalogEntry.MyCompany_All"/>
	</ActionGroup>

</Policies>

Run the acpload command to load the access control policies:
1. Open a command prompt and go to WCDE_installdir\bin
2. Run the acpload command with the following form:
  - ```
  acpload db_host_name db_user db_password inputXMLFile (NON-NLS)
```
  Where:
  
  db_host_name
  
  The fully qualified host name of the machine that hosts the development database.
  
  db_user
  
  The name of the database user.
  
  db_password
  
  The password for your database user.
  
  inputXMLFile
  
  The XML file that contains the access control policy specification. In this case, specify MyCompanyCatalogAccessControlPolicies.xml.
- ```
acpload database db_user db_password inputXMLFile schema_name
```
    Where:
    
    database
    
    The name of the database.
    
    db_user
    
    The name of the database user.
    
    db_password
    
    The password for your database user.
    
    inputXMLFile
    
    The XML file that contains the access control policy specification. In this case, specify MyCompanyCatalogAccessControlPolicies.xml.
    
    schema_name
    
    The name of the database user who created the database and owns the schema, in uppercase.
    
    The name of the user who owns the tables.
    Example
    acpload mall dbuser dbuserpwd MyCompanyCatalogAccessControlPolicies.xml DBUSER
  - Run the acpload command with the access control policy XML file as the only parameter:
```
acpload MyCompanyCatalogAccessControlPolicies.xml
```
3. Go to the WCDE_installdir/logs directory. Inspect the acpload.log and messages.txt files to ensure that the access control policy loaded successfully. The messages.txt file might not exist if the load completed successfully. Check that the following policy files were created successfully in the WCDE_installdir/xml/policies/xml directory: MyCompanyCatalogAccessControlPolicies_idres.xml and MyCompanyCatalogAccessControlPolicies_xmltrans.xml. These two files are created as part of a successful idresgen utility process. Any other error files generated in this directory indicate that an error occurred during the loading process.