Customizing default access control policies

The default access control policies that are provided by WebSphere Commerce address the basic requirements that organizations have for regulating the actions and information available to their users. Often, the default policies can be sufficient for your site's needs. At the same time, the default policies are highly customizable, so that you can tailor them to your own requirements.

Any changes that you make to the default access control policies can be overwritten when you upgrade to a new release. To avoid overwriting your custom policies, create your own new policies, member groups, action groups, resource groups, and other access control assets. Remove any default access control policies that do not satisfy your business requirements from your site.

About this task

This topic provides information about how to make basic changes to the default access control policies included with WebSphere Commerce. It begins by introducing certain concepts and relationships that you need to understand.

With access control, you can manage your business workflows and ensure that users can complete only the activities that are appropriate to their roles and responsibilities. WebSphere Commerce provides default policies that you can use for your site, along with the tools and capacity to customize those policies to suit your business needs.

The following table outlines just a few examples of how simple modifications can customize access to your business environment:

| What users are allowed to do by default | What users are allowed to do after customization |
| --- | --- |
| Customers can self-register. | Only seller administrators can register new customers. |
| Buyers can display RFQs that they created. | Only sellers can display RFQs if the RFQ resulted in a contract. |
| Only customers can cancel orders that they created if the order is in pending state. | Customer Service Representatives can also cancel orders in pending state, if the total product price is less than $1000. |
| An order can be modified by the person who created it. | Only a user from the buyer organization with the role of purchaser can modify an order that is created. |
| Account representatives can display all accounts. | Account Representatives can display only active accounts. |
| Employees with the Logistics Manager role can create and modify fulfillment centers. | Employees with the Logistics Manager role can create but not modify fulfillment centers. |