Create access control policy for write usage to the objects

In this lesson, you set up write usage policies for your new user group so that users in the new user group have write access to the objects.

Procedure

  1. In a file manager utility, go to the WCDE_installdir\xml\policies\xml directory.
  2. In this directory, create a file and name the file extAccessControlPolicies.xml. This file is your new customized XML file for new access control policies.
  3. Open the new file for editing.
  4. Copy and paste the following code into your new file to create an action group for managing search term association. 
    
<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>
  <Action Name="EXT_ManageSearchTermAssociation" CommandName="EXT_ManageSearchTermAssociation"/>
    <ResourceCategory Name="com.ibm.commerce.common.objects.StoreEntityResourceCategory" 
     PrimaryResourceOwnerColumn="MEMBER_ID" PrimaryResourceOwnerTable="STOREENT" 
     PrimaryResourceTable="STOREENT" ResourceBeanClass="com.ibm.commerce.common.objects.StoreEntity">
    <ResourceAction Name="EXT_ManageSearchTermAssociation"/>
  </ResourceCategory>         
  <ActionGroup Name="EXT_ManageSearchTermAssociation" OwnerID="RootOrganization">
    <ActionGroupAction Name="EXT_ManageSearchTermAssociation"/>
  </ActionGroup>	
</Policies>
  5. Set up a new set of policies that are associated to the new action group and user group.
    Copy and paste the following code block before the closing </Policies> tag to create new policies for managing search term associations.
    
<Policy Name="ExtSearchTermAssociationManagersForOrgExecuteManageSearchTermAssociationActionsOnStoreEntityResource" 
  OwnerID="RootOrganization" UserGroup="ExtSearchTermAssociationManagersForOrg"
  ActionGroupName="EXT_ManageSearchTermAssociation" ResourceGroupName="StoreEntityDataResourceGroup" 
  PolicyType="groupableTemplate" />
<PolicyGroup Name="ManagementAndAdministrationPolicyGroup" OwnerID="RootOrganization">   
<PolicyGroupPolicy Name="ExtSearchTermAssociationManagersForOrgExecuteManageSearchTermAssociationActionsOnStoreEntityResource" 
  PolicyOwnerID="RootOrganization"/>
</PolicyGroup>
  6. Update the user group that is associated with the existing set of policies for managing the business objects to the new user group.

    Copy and paste the following code block before the closing </Policies> tag. The following policies for managing search term associations change the name of the user group from CatalogEntryManagersForOrg to ExtSearchTermAssociationManagersForOrg.

    
<Policy Name="Search-SearchTermAssociation-SearchTermAssociationManagersForOrg-Policy"
  OwnerID="RootOrganization" UserGroup="ExtSearchTermAssociationManagersForOrg"
  ActionGroupName="Search-SearchTermAssociation-SearchTermAssociationManagersForOrg-ActionGroup"
  ResourceGroupName="Search-SearchTermAssociation-ResourceGroup" PolicyType="groupableTemplate"/>
  7. Create display names and descriptions of the policies.
    1. Go to the WCDE_installdir\xml\policies\xml directory.
    2. Create a file and name the file extAccessControlPolicies_en_US.xml. This file is your new customized XML file for the descriptions of your access control policies.
    3. Copy and paste the following code block into the customized file. 
      
<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?> 
<!DOCTYPE PoliciesNLS SYSTEM "../dtd/accesscontrolpoliciesnls.dtd">
<PoliciesNLS LanguageID="en_US">   
  
  <Action_nls ActionName="EXT_ManageSearchTermAssociation" 
   Description_nls="Controls access to manage search term association" 
   DisplayName_nls="Allows access to manage search term asscoations"/> 
  
  <ActionGroup_nls ActionGroupName="EXT_ManageSearchTermAssociation" 
   Description_nls="Controls access to manage search term association" 
   DisplayName_nls="Allows access to manage search term associations"/> 
  
  <Policy_nls PolicyName="ExtSearchTermAssociationManagersForOrgExecuteManageSearchTermAssociationActionsOnStoreEntityResource"
   OwnerID="RootOrganization" 
   DisplayName_nls="Search Term Association Managers For Organization Execute Search Term Association Actions On Store Entity Resource" 
   Description_nls="Allows search term association managers to manage search term associations."/>            

</PoliciesNLS>
  8. Update the target database information (see Step 3 of acpload utility).
  9. Stop your HCL Commerce Test Server.
  10. Load your customized XML files.
    1. In command prompt, navigate to WCDE_installdir\bin.
    2. Run the following command to load your new access control policy:

      acpload WCDE_installdir\xml\policies\xml\extAccessControlPolicies.xml

    3. Run the following command to load your new access control policy descriptions and display names:

      acpnlsload WCDE_installdir\xml\policies\xml\extAccessControlPolicies_en_US.xml