Create access control policy for write usage to the objects

In this lesson, you set up write usage policies for the new user group so that users in the new user group have write access to the objects.

Procedure

  1. Navigate to WCDE_installdir\xml\policies\xml.
  2. Create an access control policy called extAccessControlPolicies.xml. This file is your new customized XML file for new access control policies.
  3. Open the file for editing.
  4. Create a set of action groups for write usage to the objects.

    Copy and paste the following code block to create an action group for managing search term association.

    <?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
<!--********************************************************************-->
<!--  Licensed Materials - Property of IBM                              -->
<!--                                                                    -->
<!--  WebSphere Commerce                                                -->
<!--                                                                    -->
<!--  (c) Copyright IBM Corp. 2012                                      -->
<!--                                                                    -->
<!--  US Government Users Restricted Rights - Use, duplication or       -->
<!--  disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<!--                                                                    -->
<!--********************************************************************-->

<!--
   :::::::::::::::::::::::::::::::::::::::::::::::::::

   This file does not contain any translatable data!!!

   :::::::::::::::::::::::::::::::::::::::::::::::::::
-->
<!--
   This segment used instead of DTD during non-build validation

<Policies xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:noNamespaceSchemaLocation='../xsd/AccessControl.xsd'
      version="1.0">

-->
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>

    <Action Name="EXT_ManageSearchTermAssociation"  
            CommandName="EXT_ManageSearchTermAssociation"/>
        
    <ResourceCategory Name="com.ibm.commerce.common.objects.StoreEntityResourceCategory" 
       	PrimaryResourceOwnerColumn="MEMBER_ID" 
       	PrimaryResourceOwnerTable="STOREENT" 
       	PrimaryResourceTable="STOREENT" 
       	ResourceBeanClass="com.ibm.commerce.common.objects.StoreEntity">
       
        <ResourceAction Name="EXT_ManageSearchTermAssociation"/>
    </ResourceCategory> 
        
    <ActionGroup Name="EXT_ManageSearchTermAssociation" OwnerID="RootOrganization">
        <ActionGroupAction Name="EXT_ManageSearchTermAssociation"/>
    </ActionGroup>
</Policies>
  5. Set up a new set of policies that are associated to the new action group and user group.

    Copy and paste the following code block before the closing </Policies> tag to create new policies for managing search term associations.

    <Policy Name="ExtSearchTermAssociationManagersForOrgExecuteManageSearchTermAssociationActionsOnStoreEntityResource" 
            OwnerID="RootOrganization"
            UserGroup="ExtSearchTermAssociationManagersForOrg"
            ActionGroupName="EXT_ManageSearchTermAssociation"
            ResourceGroupName="StoreEntityDataResourceGroup" 
            PolicyType="groupableTemplate" />

    <PolicyGroup Name="ManagementAndAdministrationPolicyGroup" OwnerID="RootOrganization">   
        <PolicyGroupPolicy Name="ExtSearchTermAssociationManagersForOrgExecuteManageSearchTermAssociationActionsOnStoreEntityResource" PolicyOwnerID="RootOrganization"/>
    </PolicyGroup>
  6. Update the user group that is associated with the existing set of policies for managing the business objects to the new user group.

    Copy and paste the following code block before the closing </Policies> tag. The following policies for managing search term associations change the name of the user group from CatalogEntryManagersForOrg to ExtSearchTermAssociationManagersForOrg.

    <Policy Name="Search-SearchTermAssociation-SearchTermAssociationManagersForOrg-Policy"
    	    OwnerID="RootOrganization"
    	    UserGroup="ExtSearchTermAssociationManagersForOrg"
    	    ActionGroupName="Search-SearchTermAssociation-SearchTermAssociationManagersForOrg-ActionGroup"
    	    ResourceGroupName="Search-SearchTermAssociation-ResourceGroup"
    	    PolicyType="groupableTemplate"/>
  7. Create display names and descriptions of the policies.
    1. Navigate to WCDE_installdir\xml\policies\xml.
    2. Create a file that is called extAccessControlPolicies_en_US.xml. This file is your new customized XML file for the descriptions of your access control policies.
    3. Copy and paste the following code block into the customized file.
      <?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
<!--********************************************************************-->
<!--  Licensed Materials - Property of IBM                              -->
<!--                                                                    -->
<!--  WebSphere Commerce                                                -->
<!--                                                                    -->
<!--  (c) Copyright IBM Corp. 2012                                      -->
<!--                                                                    -->
<!--  US Government Users Restricted Rights - Use, duplication or       -->
<!--  disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<!--                                                                    -->
<!--********************************************************************-->

<!--
   :::::::::::::::::::::::::::::::::::::::::::::::::::

   This file contains translatable data!!!

   :::::::::::::::::::::::::::::::::::::::::::::::::::
-->
<!--
   This segment used instead of DTD during non-build validation

<PoliciesNLS xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:noNamespaceSchemaLocation='../xsd/AccessControl.xsd'
      version="1.0">

-->
<!DOCTYPE PoliciesNLS SYSTEM "../dtd/accesscontrolpoliciesnls.dtd">
<PoliciesNLS LanguageID="en_US">   

    <Action_nls ActionName="EXT_ManageSearchTermAssociation" 
                Description_nls="Controls access to manage search term association" 
                DisplayName_nls="Allows access to manage search term asscoations"/>
 
    <ActionGroup_nls ActionGroupName="EXT_ManageSearchTermAssociation" 
                     Description_nls="Controls access to manage search term association" 
                     DisplayName_nls="Allows access to manage search term associations"/>
 
    <Policy_nls PolicyName="ExtSearchTermAssociationManagersForOrgExecuteManageSearchTermAssociationActionsOnStoreEntityResource"
                OwnerID="RootOrganization" 
                DisplayName_nls="Search Term Association Managers For Organization Execute Search Term Association Actions On Store Entity Resource" 
                Description_nls="Allows search term association managers to manage search term associations."/>
		            
</PoliciesNLS>
  8. Stop your test server.
  9. Load your customized XML files.
    1. In command prompt, navigate to WCDE_installdir\bin.
    2. Run the following command to load your new access control policy:

      acpload extAccessControlPolicies.xml

    3. Run the following command to load your new access control policy descriptions and display names:
      acpnlsload extAccessControlPolicies_en_US.xml