Secure > Authorization > Customize default access control policies > Examples: Customizing access control policies using the Organization Administration Console
Example: Removing the ability of auction managers to retract bids
By default, auction managers for a store can retract bids submitted at their auctions. In some cases, you might not want to grant this authority to anyone.
To make this change, find the resource-level policy that defines who can retract bids and delete it.
In Auctions Scenario 1, the action, close bidding, was one of several included in the policy. Consequently, you had only to remove the action from the policy's action group. In this example, however, an entire policy controls bid retraction. Therefore, delete a policy not just an action.
To delete the policy, do the following:
- Determine the resource-level policy that covers the retraction of auction bids by auction managers.
- Delete the policy.
Note: Before you delete the policy, make note of its name, access group name, resource group name, and action group name so you can recreate it for the next example.
Steps to take
- Determine the resource-level policy to be changed. The policy is:
AuctionManagersForOrgExecuteAdminRetractBidCommandsOnAuctionResource
- From the Organization Administration Console, click Access Management > Policies.
- For View, select Root Organization to display the policies that it owns.
- From the list of policies, select the following:
AuctionManagersForOrgExecuteAdminRetractBidCommandsOnAuctionResource
- Click Delete.
Update the policy registry with the changes
- Open the Administration Console.
- Click Configuration > Registry.
- From the list of registries, select Access Control Policies.
- Click Update.
- Repeat steps 3 and 4 for the Access Control Policy Groups Registry.