Creating an access control policy to secure the new information

The previous step created an access profile, MyCompany_Store_Details. By default, only the users with a site administrator role have access to this new data. In this step, you update the Subscription service access control policy to state that all registered users have access to view this data.

The new policy defines a new action for the MyCompany_Store_Details access profile and adds the new action to the Subscription all registered users group. The access profiles for Change, Process, and Sync are only run after the access control check on the Change, Process, or Sync action.

Procedure

Create the following file: WCDE_installdir\xml\policies\xml\MyCompanySubscriptionAccessControlPolicies.xml

Copy the following access control policy XML into this file:

<Policies>
  <Action 
   Name="GetSubscription.MyCompany_Store_Details" 
   CommandName="GetSubscription.MyCompany_Store_Details"/>
  <ActionGroup 
   Name="Subscription-Subscription-RegisteredCustomersForOrg-AccessProfileActionGroup" 
   OwnerID="RootOrganization">
     <ActionGroupAction Name="GetSubscription.MyCompany_Store_Details"/>
  </ActionGroup>
</Policies>

Run the acpload command to load the access control policy:
1. Ensure that the WebSphere Commerce Test Server is stopped.
2. Open a command line and go to WCDE_installdir\bin
3. Run the following command: acpload MyCompanySubscriptionAccessControlPolicies.xml.
  Go to the WCDE_installdir\logs directory and inspect the acpload.log and messages.txt files to ensure that the access control policy loaded successfully. The messages.txt file might not exist if the load completed successfully.
Usage: acpload database name database user password input xml filename (NON-NLS) schema name
Example: acpload ORCL user userpwd defaultaccesscontrolpolicies.xml user