Troubleshooting: Unexpected access control error after subscribing a policy group to an organization

An access control error can occur, when trying to manage organization (or its descendants) for which you already have authority.

Problem:

An access control error can occur, when trying to manage organization (or its descendants) for which you already have authority.

Indication:

This error occurs when you modify the policy group subscription, it is possible that the policy group, "Management And Administration Policy Group" is missing from the policy group subscription. ("Management And Administration Policy Group" policy group contains all the administration policies that allow you to manage organizations and users.)

Hence, if this policy group is missing from the organization's subscription and if the same organization subscribes to other policy groups, you will experience access control problems managing any organizations and users that are descendants to this organization.

Error Message:

The user does not have the authority to run this command 
"com.ibm.commerce.user.beans.OrgEntityDataBean".

Solution:

  1. Subscribe the "Management And Administration Policy Group" policy group to the organization that you have just modified. To do this, connect to the HCL Commerce database and enter the following SQL:
    
    insert into acplgpsubs (acpolgrp_id, orgentity_id) values 
    ((select acpolgrp_id from acpolgrp where name =
    'ManagementAndAdministrationPolicyGroup'), 
    (select orgentity_id from orgentity where
    orgentityname='<organization name>')) 
    
  2. Refresh the Access Control Policy Groups Registry.

You should now be able to view or update the organizations and users without any error.