Implementing access control
Resources that web services act upon are actually
nouns that are represented by generated SDOs. This lesson contains
a brief overview of how access control policy works for BOD service
modules.
About this task
<Action Name="GetProject.MyCompany_Admin_Summary"
CommandName="GetProject.MyCompany_Admin_Summary" />
<Action Name="GetProject.MyCompany_Store_Summary"
CommandName="GetProject.MyCompany_Store_Summary" /><ActionGroup Name="Project-Project-AllUsers-AccessProfileActionGroup"
OwnerID="RootOrganization">
<ActionGroupAction Name="GetProject.MyCompany_Store_Summary" />
</ActionGroup>
<ActionGroup
Name="Project-Project-ProjectManagers-AccessProfileActionGroup"
OwnerID="RootOrganization">
<ActionGroupAction Name="GetProject.MyCompany_Admin_Summary" />
</ActionGroup><!-- the all users access profile access control policy -->
<Policy Name="Project-Project-AllUsers-AccessProfilePolicy"
OwnerID="RootOrganization" UserGroup="AllUsers"
ActionGroupName="Project-Project-AllUsers-AccessProfileActionGroup"
ResourceGroupName="AccessProfileResourceGroup"
PolicyType="groupableStandard" />
<!-- the project manager access profile access policy -->
<Policy Name="Project-Project-ProjectManagers-AccessProfilePolicy"
OwnerID="RootOrganization" UserGroup="RecipeManagers"
ActionGroupName="Project-Project-ProjectManagers-AccessProfileActionGroup"
ResourceGroupName="AccessProfileResourceGroup"
PolicyType="groupableTemplate" /><!-- all user action group which contains read and change actions -->
<ActionGroup Name="Project-Project-AllUsers-ActionGroup" OwnerID="RootOrganization">
<ActionGroupAction Name="DisplayResourceAction"/>
<ActionGroupAction Name="ChangeResourceAction"/>
</ActionGroup> <!-- read action (Get request) -->
<Action Name="DisplayResourceAction" CommandName="Display"/>
<!-- change action (Change request) -->
<Action Name="ChangeResourceAction" CommandName="Change"/>
<!-- process actions (Process request) -->
<Action Name="AddResourceAction" CommandName="Add"/>
<Action Name="DeleteResourceAction" CommandName="Delete"/>
<Action Name="CreateResourceAction" CommandName="Create"/><!-- all project managers action group process action -->
<ActionGroup Name="Project-Project-ProjectManagers-ActionGroup" OwnerID="RootOrganization">
<ActionGroupAction Name="AddResourceAction"/>
<ActionGroupAction Name="DeleteResourceAction"/>
<ActionGroupAction Name="CreateResourceAction"/>
</ActionGroup><!-- the project manager creator policy -->
<Policy Name="Project-Project-ProjectManagers-CreatorPolicy"
OwnerID="RootOrganization" UserGroup="RecipeManagers"
ActionGroupName="Project-Project-ProjectManagers-ActionGroup"
ResourceGroupName="Project-Project-ResourceGroup"
RelationName="creator" PolicyType="groupableTemplate" />Note: For
more information, see Access control in the BOD command framework.
Procedure
- Load the access control policy:
- Run the following commands:
acugload Project-UserGroup.xml acpload Project-access-control.xml
acugload development_db db_user db_password Project-UserGroup.xml db_schema acpload development_db db_user db_password Project-access-control.xml db_schema
- Run the following commands: