Troubleshooting: Missing policy for new controller command

A controller command was added without an accompanying access control policy.

Problem: A controller command was added without an accompanying access control policy.

Indication: An application error is displayed. In the trace.log file the Execute action will match several policies, but no resource groups will match.


PolicyManagerImpl.isAllowed isAllowed? User=510; Action=Execute; 
        Resource=com.ibm.commerce.scheduler.commands.ListRegistryCmdImpl; 
        Owner=-2001; Resource Ancestor Orgs=-2001,-2001; Resource Applicable Orgs=-2001 
PolicyManagerImpl.isAllowed Found 
        PolicyName: BuyerAdministratorsExecuteBuyersAdministratorsCommands; 
        PolicyType: 2; PolicyOwner: -2001
PolicyManagerImpl.getPolicyApplicableOrgs Policy Applicable Orgs=-2001
PolicyManagerImpl.evaluatePolicy Evaluating PolicyName: 
        BuyerAdministratorsExecuteBuyersAdministratorsCommands
PolicyManagerImpl.evaluatePolicy ResourceGroup does not match
...
PolicyManagerImpl.isAllowed PASSED? =false

Solution:

  1. Create a policy for controller command.

    Refer to Adding a new controller command using existing policies for an example.

  2. Load the policy using the acpload utility.
  3. Update the Registry.