Example: Removing the ability of contract managers to add or delete attachments to contracts

By default, contract managers for a store can add or delete attachments to contracts they manage. In some cases, you might not want to grant this authority to contract managers.

In this example, you will change a resource-level policy that defines the actions that a contract manager can take. To remove the authority of contract managers to add or delete attachments to contracts, you need to do the following:

  • Determine the resource-level policy that defines the actions that contract managers can take.
  • Determine the name of the action group for the policy.
  • Delete the actions for adding attachments and deleting attachments from the list of actions in the policy's action group.

Identify the resource-level policy and action group

  1. Determine the resource-level policy to be changed. The policy is:
    
    ContractManagersForOrgExecuteContractManageCommandsOnContractResource
    
  2. From the Organization Administration Console, click Access Management > Policies.
  3. For View, select Root Organization to display the policies that it owns.
  4. Locate the policy in the list.
  5. Note the name of the policy's action group--ContractManage. This is the action group you need to change to remove the actions for adding and deleting attachments.

Remove the actions for adding and deleting attachments from the policy's action group

  1. Click Access Management > Action Group.
  2. From the list of action groups, select ContractManage.
  3. Click Change to display the Change Resource Group page.
  4. From the Selected Actions list, select the following actions: com.ibm.commerce.contract.commands.ContractAttachmentAddCmd com.ibm.commerce.contract.commands.ContractAttachmentDeleteCmd.
  5. Click Remove.
  6. Click OK.

Update the access control policy registry with your changes

  1. Open the Administration Console.
  2. Click Configuration > Registry.
  3. From the list of registries, select Access Control Policies.
  4. Click Update.