Creating an access control policy to secure the new information

In this lesson, you update the catalog service access control policy to grant all users access to view the new catalog entry information. By default, only the users with a site administrator role have access to the new data.

About this task

The new policy that you create in the following steps defines a new action for the MyCompany_All access profile that you created in the previous lesson. Your new policy also adds the new action to the CatalogEntry all users group. The access profiles for change, process, and sync actions run after the access control check on the change, process, or sync action.
Tip: Although the previous lesson also created the MyCompany_CatalogEntry_Update and MyCompany_CatalogEntryDescription_Update access profiles, only those access profiles that are used by Get commands need to be explicitly registered.

Procedure

  1. In your file manager utility, browse to the WCDE_installdir\xml\policies\xml directory.
  2. Within the directory, create an XML file that is named MyCompanyCatalogAccessControlPolicies.xml.
  3. Open your new file for editing and add the following code to define your new access control policy.
    <Policies>
    	<Action Name="GetCatalogEntry.MyCompany_All" CommandName="GetCatalogEntry.MyCompany_All"/>
      
    	<ActionGroup Name="Catalog-CatalogEntry-AllUsers-AccessProfileActionGroup" OwnerID="RootOrganization">
    		<ActionGroupAction Name="GetCatalogEntry.MyCompany_All"/>
    	</ActionGroup>
    
    </Policies>
    
  4. Run the acpload command to load the access control policies:
    1. Open a command prompt and go to the WCDE_installdir\bin directory.
    2. Run the acpload command by using the following command:
      • Apache Derby: Run the acpload command with the access control policy XML file as the only parameter:
        acpload MyCompanyCatalogAccessControlPolicies.xml
      • DB2 or Oracle:
        acpload database db_user db_password inputXMLFile schema_name
        
        Where:
        database
        The name of the database.
        db_user
        The name of the database user.
        db_password
        The password for your database user.
        inputXMLFile
        The XML file that contains the access control policy specification. In this case, specify MyCompanyCatalogAccessControlPolicies.xml.
        schema_name

        DB2: The name of the database user who created the database and owns the schema, in uppercase.

        Oracle: The name of the user who owns the tables.

        For example,
        acpload mall dbuser dbuserpwd MyCompanyCatalogAccessControlPolicies.xml DBUSER
      • For IBM i OS operating system
        acpload db_host_name db_user db_password inputXMLFile
        
        Where:
        db_host_name
        The fully qualified host name of the machine that hosts the development database.
        db_user
        The name of the database user.
        db_password
        The password for your database user.
        inputXMLFile
        The XML file that contains the access control policy specification. In this case, specify MyCompanyCatalogAccessControlPolicies.xml.
    3. Go to the WCDE_installdir/logs directory. Inspect the acpload.log and messages.txt files to ensure that the access control policy loaded successfully. The messages.txt file might not exist if the load completed successfully.
      Check that the following policy files were created successfully in the WCDE_installdir/xml/policies/xml directory:
      • MyCompanyCatalogAccessControlPolicies_idres.xml
      • MyCompanyCatalogAccessControlPolicies_xmltrans.xml
      These two files are created as part of a successful idresgen utility process. Any error files that are generated in this directory indicate that an error occurred during the loading process.
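
Because this policy widens access from site administrators to all users, the file can be reviewed before acpload is run. The following Python check is an added example, not part of this lesson or of the product tooling: it parses the policy from step 3 and reports any action group grant that is not on an approved list, or that names an action the file does not define. The names audit_policy, APPROVED and DRIFTED_POLICY, and the action GetCatalogEntry.MyCompany_Internal, are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Policy exactly as given in step 3 of this lesson.
PAGE_POLICY = """<Policies>
  <Action Name="GetCatalogEntry.MyCompany_All" CommandName="GetCatalogEntry.MyCompany_All"/>
  <ActionGroup Name="Catalog-CatalogEntry-AllUsers-AccessProfileActionGroup" OwnerID="RootOrganization">
    <ActionGroupAction Name="GetCatalogEntry.MyCompany_All"/>
  </ActionGroup>
</Policies>"""

# Constructed sample (hypothetical action name, not from the lesson): an extra
# action added to the all-users group with no Action definition in the file.
DRIFTED_POLICY = PAGE_POLICY.replace(
    "</ActionGroup>",
    '  <ActionGroupAction Name="GetCatalogEntry.MyCompany_Internal"/>\n  </ActionGroup>')

# Assumption: the reviewer-approved (action group, action) pairs for this change.
APPROVED = {("Catalog-CatalogEntry-AllUsers-AccessProfileActionGroup",
             "GetCatalogEntry.MyCompany_All")}


def audit_policy(xml_text, approved):
    """Return a list of findings; an empty list means the file grants exactly
    the approved pairs and every granted action is defined in the file."""
    root = ET.fromstring(xml_text)
    # iter() matches the tag name exactly, so "Action" excludes ActionGroup*.
    defined = {a.get("Name") for a in root.iter("Action")}
    granted = {(g.get("Name"), ga.get("Name"))
               for g in root.iter("ActionGroup")
               for ga in g.iter("ActionGroupAction")}
    findings = []
    for group, action in sorted(granted - approved):
        findings.append(f"unapproved grant: {action} -> {group}")
    for group, action in sorted(approved - granted):
        findings.append(f"missing grant: {action} -> {group}")
    for group, action in sorted(granted):
        if action not in defined:
            findings.append(f"action not defined in this file: {action} in {group}")
    for name in sorted(defined - {a for _, a in granted}):
        findings.append(f"action in no group: {name}")
    return findings


if __name__ == "__main__":
    for label, text in (("page policy", PAGE_POLICY), ("drifted policy", DRIFTED_POLICY)):
        print(label, audit_policy(text, APPROVED) or "OK")
```

An empty result for the lesson's policy confirms that the only grant to the all users group is GetCatalogEntry.MyCompany_All.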