Default access control policies

The default policies shipped with WebSphere Commerce are organized into the following categories:

Role-based policies
The role-based policies for each default role. These policies are also referred to as command-level policies because they define who can execute each command. For a complete listing of these polices, see Role-based policies.
Resource-level policies
The resource-level policies, grouped by business area. These policies define the actions a group of users can perform on specific resources. Under each business area, policies are organized by the type of resource they regulate:
Data resources
Business objects that can be manipulated such as an order or a bid.
DataBean resources
Contain information about business objects. Data beans are used to display object information about a Web page.

For a complete listing of these polices, see Resource-level policies.

During instance creation, WebSphere Commerce loads the default access control policies from the bootstrap file, WC_installdir/xml/policies/xml/defaultAccessControlPolicies.xml.