To add a new controller command to be accessed by a new role, that has an
existing role-based policy, create an XML file.
For example:
<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>
<ResourceCategory
Name="com.xyz.commands.MyNewControllerCmdResourceCategory"
ResourceBeanClass="com.xyz.commands.MyNewControllerCmd">
<ResourceAction Name="ExecuteCommand"/>
</ResourceCategory>
<ResourceGroup Name="SellersCmdResourceGroup"
OwnerID="RootOrganization">
<ResourceGroupResource
Name="com.xyz.commands.MyNewControllerCmdResourceCategory"/>
</ResourceGroup>
</Policies>
Procedure
-
Create a new resource definition in the XML file that corresponds to the interface name of the
controller command.
<ResourceCategory Name="
com.xyz.commands.MyNewControllerCmdResourceCategory"
ResourceBeanClass="
com.xyz.commands.MyNewControllerCmd">
<ResourceAction Name="ExecuteCommand"/>
</ResourceCategory>
-
Determine which roles should have access to the command and associate the new resource with the
corresponding resource groups in the XML file, as in the following example:
<ResourceGroup Name="SellersCmdResourceGroup"
OwnerID="RootOrganization">
<ResourceGroupResource Name="com.xyz.commands.
MyNewControllerCmdResourceCategory"/>
</ResourceGroup>
You can change the resource group depending on which role you want to use. For more information
about role-based policies see Role-based
policies.
-
Load your XML changes into the database. For more information about loading the XML changes,
see Loading access control policy data.
-
Update the Access Control Policies Registry in the Administration Console by doing the
following:
-
Logon to the Administration Console as a Site Administrator.
-
Click .
-
From the list of registries, select Access Control Policies.
-
Click Update.
Since there is already a role-based policy that includes this resource group, you can
now use your new controller command, if it is not doing any resource-level checking.